Privacy Policy | Angus Uelsmann

Short version

No Google Analytics, no advertising pixels, no profiling and no marketing cookies are used.
A cookie banner is currently not shown because the site only uses storage that is necessary or requested by the visitor, such as language and theme preferences.
The website uses aggregate traffic counters and short-lived abuse-protection signals, not stable browser fingerprints.
If a request is classified as a serious abuse attempt, the site may temporarily keep extended technical security logs to defend the service and enforce bans.

Privacy controls

Privacy is not a single button. You can clear this browser immediately, inspect local data, or start a verified server-side access or deletion request.

Browser data viewer This is what this browser can see locally. HTTP-only cookies and server-side contact messages are not visible to browser JavaScript.

Data access request I will check what server-side data is associated with your identifier and prepare a structured response. There may be nothing to export.

Delete your data This is not instant. I need to identify what belongs to you first. Some data can be deleted, some may require verification, and some may be retained for security or legal reasons.

Deletion proofs

Verified privacy cases include tamper-evident proof events. Creation, case closure and physical cleanup are written to a hash-chained ledger. During physical cleanup, app-managed case files are overwritten best-effort, truncated and unlinked. The public case page shows the event hash, previous hash and time; the ledger itself stores metadata and hashes, not the personal payload.

Private case links expire after 60 days. A scheduled daily cleanup then removes expired app-managed case files with the best-effort overwrite routine. The minimal ledger proof remains so the action can still be checked later.

A full free-space wipe is intentionally not used: on SSDs, managed hosting, snapshots and backups it is not reliably provable and can harm the system. Instead, deletion focuses on the concrete app-controlled files and records the result.

When deletion is limited

If data must be kept for legal obligations, accounting, security or legal claims, it is not used normally anymore. It is restricted to that purpose and the case response should explain what is retained, why, and for how long where this can be determined.

Forget this browser

This removes local preferences in this browser and asks the server to delete short-lived abuse traces and Insight view deduplication tokens for this client. Contact messages already sent through the form are not deleted automatically; use the privacy contact for that.

What this site stores

The store keeps a small local purchase ledger so paid downloads can be re-served later. Stripe still processes the payment itself; this site stores only the fulfillment record needed to deliver the files and keep support traceable.

Stripe Checkout handles the payment details and the contact information entered during checkout, if provided there.
The site stores a local purchase record with the Stripe session ID, purchased items, a fulfillment token and a small download counter.
Download requests are checked against that record and the completed Stripe session before any ZIP is served.
Purchase records can be removed later, but they may need to remain as long as accounting, dispute handling or support retention requires.

Privacy-first visitor statistics

For basic reach statistics, the site stores aggregate counts by language, referrer category, request path, country hint, request class and hour. No stable visitor ID, browser fingerprint or raw IP address is written to the visitor statistics file. Older aggregates can stay longer, but only in summarized form.

Traffic snapshot 2026-06-27T01:24:17+02:00

Example data structure

Example of stored statistics

data/visitors.jsonexample

{
  "schema": "angusu.traffic.aggregate.v2",
  "totals": {
    "requests": 1284,
    "by_language": { "de-de": 42, "en-us": 12 },
    "by_referrer": { "search": 18, "direct": 10 },
    "by_path": { "home": 18, "privacy": 6 },
    "by_class": { "likely_human": 1100, "uncertain": 160, "likely_bot": 24 }
  },
  "days": {
    "YYYY-MM-DD": {
      "requests": 53,
      "by_referrer": { "search": 12, "direct": 41 },
      "by_class": { "likely_human": 49, "uncertain": 4 }
    }
  }
}

Insights views and likes

Insight article views are counted after a short delay on the article page. For deduplication, the browser stores a random local reader ID. The server stores only daily SHA-256 hashes derived from that reader ID, article slug, date and coarse read-depth bucket in data/insights/views-seen.json; the raw reader ID, IP address and user agent are not stored there. Stored view data contains the article slug, totals, dates and aggregated read-depth counters in 25% steps. Likes are stored as counters on the server; the visitor browser stores only whether that browser has liked an article.

Contact form

When the contact form is used, the submitted name, email address, optional website URL, message, optional attachments, submission time and a shortened hash of the IP address for abuse protection are stored locally on this server. The data is used to answer the request, protect the form against spam and document the conversation where needed.

Example data structure

Example of a stored contact request

data/submissions/*.mdexample

---
date: 2026-04-30 12:00:00
name: Example Name
email: person@example.com
url: https://example.com
ip: shortened_hash_for_rate_limiting
---

If you want a stored request to be deleted, you can start a verified deletion request in the privacy controls.

Cookies and local storage

The site uses a language cookie when a visitor chooses a language, localStorage for the theme preference, the one-time theme-toggle hint, the quiet hero text position, cached interface translations, the anonymous Insight reader ID, localStorage for Insight like state, and a local store purchase ledger for paid downloads. These values are not used for advertising.

angusu_de-lang: stores the selected language for up to one year.
angusu_de-theme: stores the selected light/dark theme in the browser.
angusu_de-theme-pulse: remembers when the subtle theme-toggle hint was shown or dismissed so it is not repeated too often.
angusu_de-hero-cycle: stores the current hero text position so the intro does not restart from the first phrase on every reload.
angusu_de-i18n-* values: cache interface translations by version so language switching still works if the translation endpoint is briefly unavailable.
angusu_de-insight-reader-id: stores a random browser ID so Insight reads can be counted once per browser, article and day without using the household IP address as the person identifier.
angusu_de-liked-* values: remember liked Insight articles in the browser.
CSRF tokens protect forms against misuse and are generated from a daily server-side token and the request IP; they are not stored as cookies.
data/store-purchases.json: stores Stripe session IDs, purchased items, fulfillment tokens and download counts for store purchases.

How it works

IP address and hashes

A normal IP address looks like 203.0.113.42 or 2001:db8::42. This website does not store that raw value in the visitor statistics file. Instead, it keeps only summarized counters such as request class, source bucket, path bucket and hour bucket. Any short-lived abuse-protection data is handled separately and is not used as a browsing fingerprint.

This is intentional: it allows reach, source and timing insights without keeping a readable browser history or a stable visitor ID.

Abuse detection and security bans

If a request is flagged as a serious automated or abusive attempt, the site may temporarily store extended technical security data such as the raw IP address, subnet, reverse-DNS result if available, request path, request headers, submitted technical fields and heuristic risk signals. This only happens for security defense, rate limiting, shadow bans and incident review. It is not used for marketing, profiling or general audience analytics.

These extended security logs are kept only for a short security window and should be deleted again when they are no longer needed for abuse defense or legal claims.

Why this exists

Some data exists because the website has to respond to requests, keep preferences working and protect itself from abuse.

You opened this page, so your browser requested HTML, CSS, images, fonts and scripts.

The system needs basic technical request data to deliver those resources reliably.

Small counters and rate limits help prevent abuse and keep the site stable.

Preferences like language, theme and likes exist only so the interface remembers what you chose.

Legal details

Controller

The controller for this website is Angus Uelsmann.

Angus Uelsmann
c/o MDC Management#1670
Welsterstraße 3
87463 Dietmannsried
Germany

Privacy contact

For privacy requests, use the email address below or the contact form.

hello@angusu.de · angusu.de/contact

Cookie banner

A cookie banner is not used at the moment because no consent-based marketing, analytics or advertising storage is used. If that changes, the site should add consent before those tools run.

Fonts

The fonts used by this website are hosted locally. No request to Google Fonts is made for normal page rendering.

Search engines and sitemap

The sitemap can be submitted to search engines so public pages can be crawled and indexed. This is not the same as Google Analytics and does not place tracking code or cookies on this website.

Server delivery and security

This website is hosted with Hostinger. The hosting location is Frankfurt am Main, Germany. Like every website, the web server processes technical request data such as IP address, requested URL, date, time and browser information to deliver the site and keep it secure. Security logs may be processed where necessary to detect misuse. Where required, a data processing agreement (DPA / AVV) is used with the hosting provider because the provider can technically process server delivery and security data.

Legal bases

Processing is based on legitimate interests in operating, securing and improving the website, on pre-contractual communication when the contact form is used, and on legal obligations where retention is required.

Your rights

You can request access, correction, deletion, restriction, portability and object to processing where legally available. You can also complain to a data protection supervisory authority.