Skip to main content
Sovereign Workspace Try the demo

Privacy

Last updated: [TODO — set on first deploy]

This page documents the personal data this website collects and why. It is intentionally short — the site sets no cookies, uses no third-party trackers, and does not embed content from surveillance-economy platforms.

Who we are

The data controller for this website is the organisation listed on the Impressum page.

What data we collect on this website

Server access logs. Our web server (nginx) records each request in a log line containing IP address, timestamp, HTTP method, URL path, response status, byte count, user agent, and referer. Logs are stored on the same server the site runs on and are automatically deleted after seven days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure public website and protecting it from abuse).

Analytics. We use Plausible, a cookieless, EU-hosted analytics service. Plausible does not set cookies, does not track individuals across sites, and does not collect personal data as defined by the GDPR. Metrics are aggregated — page views, referrer, browser, country at country-level resolution. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding aggregate site usage).

Email contact. If you email [email protected], we receive your email address and the content of your message. We retain correspondence only as long as needed to handle your request and any follow-up. Legal basis: Art. 6(1)(b) GDPR (pre-contractual communication) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

What this website does NOT do

  • No cookies. No cookie banner is needed.
  • No Google Analytics, no Facebook Pixel, no Hotjar, no HubSpot, no Intercom.
  • No embedded YouTube, Twitter, LinkedIn, or other surveillance-economy widgets.
  • No fonts from Google Fonts — we self-serve via Bunny Fonts (EU).
  • No fingerprinting, no device ID, no cross-site tracking.

Your rights under the GDPR

You have the right to request access, rectification, erasure, restriction of processing, and portability of any personal data we hold about you. You also have the right to object to processing based on legitimate interest, and the right to lodge a complaint with your national data protection authority.

Requests go to [email protected]. We reply in plain language within 30 days.

Third-party services we rely on

  • Hetzner Online GmbH — hosting in Germany. Data processing agreement in place.
  • Bunny.net (BunnyWay d.o.o.) — EU-hosted font CDN. Serves the Fraunces and IBM Plex Sans typefaces. Data processing agreement available from Bunny.
  • Plausible Analytics B.V. — EU-hosted, cookieless analytics. Data processing agreement in place.

Product vs. website — a note

This policy covers only the marketing website at sovereignworkspace.org. If you self-host the Sovereign Workspace product, you are the data controller for the data your users put in. We do not see it, do not have access to it, and do not receive telemetry from your deployment. See the Security page for the full model.