Privacy Policy

In accordance with Art. 13, 14 GDPR — Last updated: May 2026

1. Controller

Schreiner Content Systems LLC
Wyoming, USA
Konrad Schreiner
30 N Gould St, Ste N
Sheridan, WY 82801, USA
Email: konrad.schrein@gmail.com
Phone: +49 157 854 714 26

A Data Protection Officer is not required pursuant to Art. 37 GDPR, as we do not meet the thresholds for appointment.

2. What data we collect and why

2.1 Website visits

When you visit our website, our server temporarily stores the following data in server logs: IP address, date and time of access, URL requested, HTTP status code, data transmitted, referrer URL, and user agent (browser/operating system).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security and operation). Retention period: 7 days, then automatic deletion.

2.2 Account registration and authentication

Upon registration, we collect: email address (required), password (stored exclusively as argon2id hash — plaintext password never stored or transmitted unencrypted), display name (optional, recommended for communication), phone number (optional), registration timestamp, and last login timestamp.

Name and phone number are used exclusively for internal communication and for identification in response to inquiries. You can change or delete these details at any time in your account settings.

Session cookies (technically necessary, no tracking): After login, a cryptographically signed session cookie is set. It contains only an anonymous session ID and no personal data. Retention period: 30 days or until logout.

Legal basis: Art. 6(1)(b) GDPR (contract fulfillment / pre-contractual measures). Account data retention period: until account deletion, at most 3 years after last activity.

2.3 Contact inquiries

When submitting a contact inquiry, we collect: email address (required), name (optional), organization (optional), message content, IP address of the sender, and timestamp of submission.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Retention period: 3 years.

2.4 Reading progress

For logged-in users, we store which articles you have read and to what percentage, to show your reading progress across devices.

Legal basis: Art. 6(1)(b) GDPR (contract fulfillment). Retention period: until account deletion.

2.5 Scheduling data

For scheduling appointments via Calendly, we collect: name, email address, and your chosen time slot. This data is shared with Calendly (see section 3 for details).

Legal basis: Art. 6(1)(b) GDPR (contract fulfillment). Retention period: as per Calendly's retention policy.

3. Service providers and data processors

3.1 Hosting — Hetzner Online GmbH

Our website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner is bound as a Data Processor pursuant to Art. 28 GDPR. Servers are located in Helsinki, Finland (EEA, ISO 27001-certified). Privacy information: hetzner.com/en/legal/privacy-policy

3.2 Email delivery — Brevo SAS

For sending transactional emails (account verification, password resets, contact confirmations, newsletters), we use Brevo SAS (formerly Sendinblue), 55 rue d'Amsterdam, 75008 Paris, France. Brevo is GDPR-compliant with data centers in the EU. Data transfer is based on EU Standard Contractual Clauses (SCCs). Privacy information: brevo.com/legal/privacypolicy

Brevo receives the following data for email delivery: recipient email address, subject line, email content, and timestamp of sending.

3.3 Scheduling — Calendly LLC

For appointment scheduling, we use Calendly LLC, 4900 Main Street, Suite 300, Downers Grove, IL 60515, USA. Calendly is a US-based service. Data transfer is based on EU Standard Contractual Clauses (SCCs). Only scheduling data (name, email, chosen time slot) is shared with Calendly. Calendly privacy policy: calendly.com/pages/privacy

4. No tracking, no advertising

We use no tracking cookies, no advertising networks, no Google Analytics, no Facebook Pixel, no social media sharing buttons with tracking functionality. Our web analytics (Umami) runs fully self-hosted on our own servers, is cookie-free and IP-anonymizing. No data is transmitted to third parties.

Technically necessary cookies (session cookie scs-session, CSRF protection cookie scs-csrf) are set without consent dialogs, as they are strictly required for secure operation of the platform (Art. 6(1)(f) GDPR).

5. Your rights

You have the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR) — account deletion available directly in account settings
• Right to restrict processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent — at any time for newsletters and other consents

To exercise your rights, please contact: konrad.schrein@gmail.com

6. Supervisory authority

You have the right to lodge a complaint with a data protection authority regarding the processing of your personal data by us. The competent authority is determined by your place of residence or the place of the alleged violation. You may contact any EU data protection authority.

Example: Berlin Commissioner for Data Protection and Freedom of Information
datenschutz-berlin.de

7. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as needed. The current version is always available at this URL. Last updated: May 2026.