Welcome to my website. I'm an privacy-concerned individual that hates being tracked all across the web. What I am not, is a business; I am not selling anything, nor do I use this site in any real commercial way. There is no real incentive for me to track you.
Nevertheless, it is interesting for me to get at least some analytics and see how many people land on my site. Spoiler: not that many. Either way, on this page I will to the best of my ability try to inform you of the impact of karelvo.com on your privacy - I tried to avoid using too much legal mumbo-jumbo.
Note: if you're coming from one of the other websites I own and clicked the privacy policy link there, it will have landed you here. Everything stated here is true for those sites as well.
Summary: the sites are hosted on a Hetzner server (location: Falkenstein, Germany). All sites are built using the Astro framework. I collect some anonimized statistics such as page visits and sources via Umami, which is hosted on the same server (i.e. not their cloud). I use Basin as a form database (i.e. their cloud). Cloudflare serves as a CDN for this site, and all traffic is proxied through it. No cookies are stored. No personally identifiable information is collected, nor is any data collected shared with any third party.
I host my websites on a Hetzner VPS. In short, that's a computer I rent from them for a couple of euros per month. They are one of the largest European hosting providers (that isn't FAANG), and this is likely not the first website this week that you stumble on that is running on their machines.
I could in theory host this site on a computer in my garage, but this opens up a gazillion other cans of worms that I don't have the mental energy to put my time and effort in. They are highly reliable and fairly transparant, but as always: it's a third party, so they may or may not collect and process data necessary for hosting and operating anything they run. Check out their Privacy Policy for more info.
I use the awesome and open-source Umami to collect anonymous usage statistics of my website, answering questions like "how many times did this page get accessed?" and "where did the traffic come from?". Important to note here is that I host my own instance, so nothing gets sent to their cloud. Even if they would, it'd be not much of a worry, as according to their FAQs and Privacy Policy, Umami ...
...does not collect any personally identifiable information and anonymizes all data collected. Users cannot be identified and are never tracked across websites.
I use Basin as a database for my forms. In essence, this means that filling out a form on any of my websites will send the information to them to store it and notify me that someone has filled out a form. This is the most obvious way on my domains in which your data hands up in "another party's hands": if you fill out the form, you know it will end up in their systems. Then again, that is true for 99% of the forms you have ever filled out on the internet - and this time, you won't get spammed. At least not by me.
They claim GDPR compliance and their Privacy Policy looks kinda okay. This is how ChatGPT summarizes it:
Basin collects and stores personally-identifying information from users who fill out forms. They do not sell this data and disclose it only to employees, contractors, and affiliated organizations that need to know and have agreed to confidentiality. Users can request to review, change, or delete their information at any time.
Cloudflare acts as the Content Delivery Network (CDN) for my sites, and it improves site performance and security by caching content and distributing it across its global network of servers. In layman's terms, it serves a copy of the site that is close to you (literally, as in geographic distance) so that everything loads faster. Also, it protects my actual server from attacks by proxying the traffic.
Aside from their CDN, CloudFlare's Turnstile serves as a CAPTCHA replacement so I don't get spam-bombarded on my forms. It's invisible, and knows whether or not they're dealing with a bot.
They may or may not automatically collect user data, such as the IP address you are connecting from, for operational and analytical purposes. For details on what Cloudflare collects, you should refer to Cloudflare's Privacy & data protection.
While not so much a privacy concern as much a plug for an awesome framework, the sites are built using Astro. They don't act as a data processor, but of course you never know what shenanigans they (or third-party contributors, which I try to avoid) might be up to in the future, I'm referring to their Privacy Policy just in case.
We prioritize your security: this website uses HTTPS to encrypt data transmitted from and to the website. Certificates are created and managed via Let's Encrypt.
Obligatory legal ramblings: you have a right to access, amend, and delete personal data (which, again, there is none apart from form submissions) that we process. This may not include data that we process for legal or security reasons when allowed or required by (the applicable) law.
We may update our Privacy Policy from time to time. Whenever this Privacy Policy is subject to a material change, we will notify you in advance via a message displayed on the web page or by other means. For minor changes not affecting your rights, we encourage you to monitor this page for updates.
If you have questions or concerns about this Privacy Policy, get in touch via the contact form.