Privacy
Privacy Policy
No Google Analytics. No ad pixels. No marketing cookies. You can see what this browser knows locally, or start a verified access or deletion request.
Last updated:
Short version
- No Google Analytics, no advertising pixels, no profiling and no marketing cookies are used.
- A cookie banner is currently not shown because the site only uses storage that is necessary or requested by the visitor, such as language and theme preferences.
- The website uses small, local statistics to understand reach without storing raw IP addresses.
Privacy controls
Privacy is not a single button. You can clear this browser immediately, inspect local data, or start a verified server-side access or deletion request.
Deletion proofs
Verified privacy cases include tamper-evident proof events. Creation, case closure and physical cleanup are written to a hash-chained ledger. During physical cleanup, app-managed case files are overwritten best-effort, truncated and unlinked. The public case page shows the event hash, previous hash and time; the ledger itself stores metadata and hashes, not the personal payload.
Private case links expire after 60 days. A scheduled daily cleanup then removes expired app-managed case files with the best-effort overwrite routine. The minimal ledger proof remains so the action can still be checked later.
A full free-space wipe is intentionally not used: on SSDs, managed hosting, snapshots and backups it is not reliably provable and can harm the system. Instead, deletion focuses on the concrete app-controlled files and records the result.
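The hash-chained ledger described above, sketched as an added example (not this site's own code). The field names, the all-zero genesis value, the canonical JSON encoding and the sample case are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first event (assumed convention)

def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding (sorted keys, fixed separators)."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append_event(ledger, case_id, event, time, payload: bytes):
    """Append one proof event; only a hash of the payload enters the ledger."""
    body = {
        "case": case_id,
        "event": event,
        "time": time,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry = dict(body, hash=digest(body))
    ledger.append(entry)
    return entry

def verify(ledger):
    """Return the index of the first broken entry, or None if the chain holds."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def demo():
    ledger = []
    # Constructed sample events for one hypothetical case.
    append_event(ledger, "case-0001", "created", "2026-04-30T12:00:00Z", b"request form")
    append_event(ledger, "case-0001", "closed", "2026-05-02T09:30:00Z", b"response text")
    append_event(ledger, "case-0001", "cleanup", "2026-06-29T03:00:00Z", b"")
    intact = verify(ledger)
    ledger[1]["time"] = "2026-05-01T09:30:00Z"  # simulate a later edit to a stored event
    return intact, verify(ledger)

if __name__ == "__main__":
    print(demo())
```

Editing or dropping any stored event changes its hash or breaks the next entry's previous-hash link, which is what makes the ledger checkable later. The check is only as strong as the copies of event hashes held outside the ledger, such as the values shown on the public case page.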
When deletion is limited
If data must be kept for legal obligations, accounting, security or legal claims, it is no longer used for normal operations. It is restricted to that purpose, and the case response should explain what is retained, why, and for how long where this can be determined.
Forget this browser
This removes local preferences in this browser and asks the server to delete current daily visitor fingerprints, contact-form rate-limit traces and Insight view deduplication tokens for this client. Contact messages already sent through the form are not deleted automatically; use the privacy contact for that.
What this site stores
Privacy-first visitor statistics
For basic reach statistics, the site stores language totals, referrer categories, visit hour and a daily hash derived from IP address, user agent and date. The raw IP address and user agent are not stored in these statistic files. Daily hash entries are kept for up to 60 days; aggregate counters can remain longer.
Example data structure
Example of stored statistics
{
  "unique_langs": { "de-de": 42, "en-us": 12 },
  "referrers": { "search": 18, "direct": 10 },
  "days": {
    "YYYY-MM-DD": [
      { "h": "daily_sha256_hash", "n": 123, "nd": 1, "hr": 14, "ref": "search" }
    ]
  }
}
Insights views and likes
Insight article views are counted after a short delay on the article page. For deduplication, the browser stores a random local reader ID. The server stores only daily SHA-256 hashes derived from that reader ID, article slug, date and coarse read-depth bucket in data/insights/views-seen.json; the raw reader ID, IP address and user agent are not stored there. Stored view data contains the article slug, totals, dates and aggregated read-depth counters in 25% steps. Likes are stored as counters on the server; the visitor browser stores only whether that browser has liked an article.
Contact form
When the contact form is used, the submitted name, email address, optional website URL, message, optional attachments, submission time and a shortened hash of the IP address for abuse protection are stored locally on this server. The data is used to answer the request, protect the form against spam and document the conversation where needed.
Example data structure
Example of a stored contact request
---
date: 2026-04-30 12:00:00
name: Example Name
email: person@example.com
url: https://example.com
ip: shortened_hash_for_rate_limiting
---
If you want a stored request to be deleted, you can start a verified deletion request in the privacy controls.
Cookies and local storage
The site uses a language cookie when a visitor chooses a language, localStorage for the theme preference, the one-time theme-toggle hint, the quiet hero text position, cached interface translations, the anonymous Insight reader ID, and localStorage for Insight like state. These values are not used for advertising.
- avfolio-lang: stores the selected language for up to one year.
- avfolio-theme: stores the selected light/dark theme in the browser.
- avfolio-theme-pulse: remembers when the subtle theme-toggle hint was shown or dismissed so it is not repeated too often.
- avfolio-hero-cycle: stores the current hero text position so the intro does not restart from the first phrase on every reload.
- avfolio-i18n-* values: cache interface translations by version so language switching still works if the translation endpoint is briefly unavailable.
- avfolio-insight-reader-id: stores a random browser ID so Insight reads can be counted once per browser, article and day without using the household IP address as the person identifier.
- avfolio-liked-* values: remember liked Insight articles in the browser.
- CSRF tokens protect forms against misuse and are generated from a daily server-side token and the request IP; they are not stored as cookies.
How it works
IP address and hashes
A normal IP address looks like 203.0.113.42 or 2001:db8::42. This website does not store that raw value in the visitor statistics. Instead, it stores a one-way hash made from IP address, browser information and date, for example a SHA-256 string such as 4f04139959affe9f6c673a2800e029074b66b1f0f49acb7508fb15a62e35a0b1. That hash can be compared again only if the server sees the same kind of input. It cannot be calculated backwards into the original IP address.
This is intentional: it allows rough, abuse-resistant counting without keeping a readable browsing history by IP address.
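The daily-hash counting described here and under "Privacy-first visitor statistics", as an added example (not this site's own code). The function names, the NUL field separator, counting referrers only for new daily visitors and the sample values are assumptions; the `n` and `nd` fields from the stored example are left out because the page does not define them.

```python
import hashlib
from datetime import date, timedelta

RETENTION_DAYS = 60  # the page keeps daily hash entries for up to 60 days

def daily_hash(ip: str, user_agent: str, day: date) -> str:
    """SHA-256 over IP, user agent and date; NUL separators keep fields unambiguous."""
    material = "\0".join([ip, user_agent, day.isoformat()]).encode()
    return hashlib.sha256(material).hexdigest()

def record_visit(stats, ip, user_agent, day, hour, ref):
    """Store one entry per visitor per day; returns True if the visitor is new that day."""
    h = daily_hash(ip, user_agent, day)
    entries = stats["days"].setdefault(day.isoformat(), [])
    if any(e["h"] == h for e in entries):
        return False  # already counted today, nothing new is stored
    entries.append({"h": h, "hr": hour, "ref": ref})
    stats["referrers"][ref] = stats["referrers"].get(ref, 0) + 1
    return True

def prune(stats, today):
    """Drop per-day hash lists older than the retention window; aggregates stay."""
    cutoff = (today - timedelta(days=RETENTION_DAYS)).isoformat()
    for key in [k for k in stats["days"] if k < cutoff]:
        del stats["days"][key]

def demo():
    stats = {"referrers": {}, "days": {}}
    ua = "ExampleBrowser/1.0"  # constructed sample input
    d1, d2 = date(2026, 4, 30), date(2026, 5, 1)
    first = record_visit(stats, "203.0.113.42", ua, d1, 14, "search")
    repeat = record_visit(stats, "203.0.113.42", ua, d1, 15, "direct")
    next_day = record_visit(stats, "203.0.113.42", ua, d2, 9, "direct")
    # The same visitor gets unrelated hashes on different days.
    linked = stats["days"][d1.isoformat()][0]["h"] == stats["days"][d2.isoformat()][0]["h"]
    prune(stats, date(2026, 6, 30))  # 60 days after 2026-05-01
    return first, repeat, next_day, linked, sorted(stats["days"]), stats["referrers"]

if __name__ == "__main__":
    print(demo())
```

A plain digest is only as private as its inputs are hard to guess. Keying the hash with a server-side secret (HMAC) is a common hardening and would only change `daily_hash`.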
Why this exists
Some data exists because the website has to respond to requests, keep preferences working and protect itself from abuse.
Legal details
Controller
The controller for this website is Angus Uelsmann.
Angus Uelsmann
c/o MDC Management#1670
Welsterstraße 3
87463 Dietmannsried
Germany
Privacy contact
For privacy requests, use the email address below or the contact form.
Cookie banner
A cookie banner is not used at the moment because no consent-based marketing, analytics or advertising storage is used. If that changes, the site should add consent before those tools run.
Fonts
The fonts used by this website are hosted locally. No request to Google Fonts is made for normal page rendering.
Search engines and sitemap
The sitemap can be submitted to search engines so public pages can be crawled and indexed. This is not the same as Google Analytics and does not place tracking code or cookies on this website.
Server delivery and security
This website is hosted with Hostinger. The hosting location is Frankfurt am Main, Germany. Like every website, the web server processes technical request data such as IP address, requested URL, date, time and browser information to deliver the site and keep it secure. Security logs may be processed where necessary to detect misuse. Where required, a data processing agreement (DPA / AVV) is used with the hosting provider because the provider can technically process server delivery and security data.
Legal bases
Processing is based on legitimate interests in operating, securing and improving the website, on pre-contractual communication when the contact form is used, and on legal obligations where retention is required.
Your rights
You can request access, correction, deletion, restriction and portability, and you can object to processing, where legally available. You can also complain to a data protection supervisory authority.