Skip to content
LinkPress™
Legal

Privacy, Data & Cookie Policy

We respect your privacy and are committed to protecting your personal data. This page covers our Privacy Policy, GDPR Art. 28 Data Processing Agreement, and Cookie Policy.

Last updated May 19, 2025 Jurisdiction Germany / EU GDPR / BDSG / ePrivacy
Part 1: Privacy Policy Part 2: Data Processing DPA Part 3: Cookie Policy

Part 1: Privacy Policy

What personal data we collect, why we collect it, and how long we keep it.

Contents

  1. 01 Who We Are
  2. 02 Data We Collect
  3. 03 Legal Basis for Processing
  4. 04 How We Use Your Data
  5. 05 Data Sharing & Processors
  6. 06 Data Retention
  7. 07 International Transfers
  8. 08 Your Rights
  9. 09 Children's Privacy
  10. 10 Security
  11. 11 Changes to This Policy
01

Who We Are

LinkPress™ is operated by Mithun A. Sridharan, based in Heidelberg, Germany. We publish editorial content, software resources, and tools at https://linkpress.app. For privacy-related questions, contact us at [email protected].

02

Data We Collect

Contact submissions Name, email address, and message content when you use our contact form.
Newsletter subscriptions First name, last name, organisation, country, and email address when you subscribe.
Usage analytics Anonymised page views and browser metadata via privacy-respecting analytics; no cross-site tracking.
Cookies Essential cookies for site functionality and your theme preference. See Part 3: Cookie Policy for details.
Server logs IP addresses, timestamps, and request metadata retained for up to 30 days for security purposes.
04

How We Use Your Data

Delivering the service Responding to contact form submissions and sending newsletter issues you subscribed to.
Site security Detecting and preventing abuse, spam, and unauthorised access.
Analytics improvement Understanding which content resonates so we can improve quality and coverage.
Legal compliance Meeting our obligations under applicable data protection law.
05

Data Sharing & Processors

Resend (USA) Transactional and newsletter email delivery. Data transferred under EU Standard Contractual Clauses (SCCs). DPA in place.
Cloudflare (USA) CDN, infrastructure, and KV storage for subscriber records. Cloudflare participates in the EU-US Data Privacy Framework. DPA in place.
Stripe (USA) Payment processing for purchases. Complies with PCI DSS Level 1; processes only payment-related data. DPA in place.
Hosting provider Site assets and server logs are stored by our infrastructure provider under appropriate contracts.
06

Data Retention

Newsletter subscribers Retained until you unsubscribe. Unsubscribed records are kept for compliance audit purposes for 12 months.
Contact submissions Retained for 24 months to support any follow-up queries, then permanently deleted.
Server logs Retained for 30 days for security analysis, then automatically purged.
Analytics Aggregated and anonymised; no individual retention period applies.
07

International Transfers

Where personal data is transferred outside the European Economic Area (EEA), such transfers are subject to appropriate safeguards: EU Standard Contractual Clauses (SCCs) adopted under Commission Decision 2021/914, adequacy decisions, or participation in the EU-US Data Privacy Framework. Copies of relevant SCCs are available on request.

08

Your Rights

Access Request a copy of the personal data we hold about you.
Rectification Ask us to correct inaccurate or incomplete data.
Erasure Request deletion of your personal data (right to be forgotten).
Restriction Ask us to restrict processing in certain circumstances.
Portability Receive your data in a structured, machine-readable format.
Objection Object to processing based on legitimate interests.
Withdraw consent Unsubscribe from emails at any time using the link in every message.
Lodge a complaint Contact your national data protection authority. Our lead supervisory authority is the LfDI Baden-Württemberg; see Part 2: for details.
09

Children's Privacy

Our services are not directed at persons under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

10

Security

Encryption in transit All data transmitted between your browser and our infrastructure uses TLS 1.2 or higher.
Encryption at rest Sensitive data, including subscriber records, is encrypted at rest using AES-256.
Access controls Access to personal data is restricted to personnel who require it to perform their role. Access is reviewed periodically.
Incident response We maintain an incident response procedure. Personal data breaches are reported to the supervisory authority within 72 hours if required under Art. 33 GDPR.
Pseudonymisation Where practical, analytics data is pseudonymised or aggregated to reduce re-identification risk.
11

Changes to This Policy

We may update this Privacy Policy from time to time. The Last updated date at the top of this page reflects when changes were last made. Significant changes will be communicated via a notice on our site or by email to newsletter subscribers.

Part 2: Data Processing Agreement

Technical and organisational measures for personal data protection under GDPR Article 28.

DPA Contents

  1. 01 Scope & Purpose
  2. 02 Key Definitions
  3. 03 Subject Matter of Processing
  4. 04 Controller Obligations
  5. 05 Processor Obligations
  6. 06 Breach Notification
  7. 07 Return / Deletion of Data
  8. 08 Supervisory Authority
01

Scope & Purpose

This Data Processing Agreement (DPA) forms part of the Terms of Use between ${siteConfig.name} (Processor or Controller, depending on context) and the data subject or contracting party (you). It documents the technical and organisational measures we apply to protect personal data processed on your behalf or concerning you, in accordance with Art. 28 GDPR.

02

Key Definitions

Personal Data Any information relating to an identified or identifiable natural person, as defined in Art. 4(1) GDPR.
Processing Any operation or set of operations performed on personal collection, recording, storage, use, disclosure, erasure, etc.
Controller The entity that determines the purposes and means of processing. For your personal data submitted to this site, ${siteConfig.name} is the Controller.
Processor An entity that processes data on behalf of the Controller. Our sub-processors Resend and Cloudflare act as Processors.
Sub-processor A third party engaged by the Processor to carry out specific processing activities on behalf of the Controller.
03

Subject Matter of Processing

Categories of data Email addresses, names, organisation names, country, IP addresses (truncated), and subscription preferences.
Categories of data subjects Newsletter subscribers, contact form submitters, and site visitors.
Purpose of processing Sending newsletter communications, responding to enquiries, delivering purchased content, and maintaining site security.
Duration Processing continues for as long as you maintain an active subscription or account, plus any legally required retention period thereafter.
04

Controller Obligations

Lawfulness We process personal data only on a valid legal basis: consent, contractual necessity, or legitimate interests as documented in Part 1: Privacy Policy.
Data minimisation We collect only the minimum data necessary for each specified purpose. We do not collect data just in case.
Purpose limitation Data collected for one purpose will not be repurposed for an incompatible use without your knowledge and, where required, consent.
Accuracy We take reasonable steps to ensure data is accurate. You may request corrections at any time.
05

Processor Obligations

Instructions Sub-processors act only on documented instructions from us and are contractually bound not to process data for their own purposes.
Confidentiality All personnel with access to personal data are bound by confidentiality obligations, whether by employment contract or applicable law.
Security Sub-processors implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.2+) and access controls.
Sub-processor changes We will notify you of any intended changes to our list of sub-processors with reasonable notice, providing an opportunity to object.
06

Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, where feasible. Where the breach is likely to result in a high risk, we will also notify affected data subjects without undue delay.

07

Return / Deletion of Data

Upon termination of our relationship or upon your request, we will delete or return all personal data in our possession and delete existing copies, unless applicable law requires retention. You may request a machine-readable export of your data at any time.

08

Supervisory Authority

Our lead supervisory authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), as ${siteConfig.name} is established in Heidelberg, Baden-Württemberg, Germany. You also have the right to lodge a complaint with any EU supervisory authority.

Part 3: Cookie Policy

We use a minimal set of cookies. Here’s exactly what we set, why, and how you can control them.

Cookie Policy Contents

  1. 01 What Are Cookies?
  2. 02 Essential Cookies
  3. 03 Analytics Cookies
  4. 04 What We Do Not Use
  5. 05 Third-Party Cookies
  6. 06 Managing Your Cookie Preferences
  7. 07 Cookie Retention Periods
  8. 08 Legal Basis
  9. 09 Changes to This Policy

Privacy, Data & Cookie Enquiries

To exercise any GDPR right, request a signed DPA, ask about our cookie practices, or raise any privacy concern, contact us at

[email protected]

We will respond to all legitimate requests within 30 days in accordance with GDPR Article 12.