Privacy Policy

This Privacy Policy (Datenschutzerklärung) explains how personal data is processed on the grainmag editorial website at this domain, in line with the EU General Data Protection Regulation (GDPR / DSGVO). The grainmag Companion App has its own policy — see the App Privacy Policy.

1. Controller (Verantwortlicher)

Simon Lehmann
Berliner Str. 22
60311 Frankfurt am Main, Germany
Email: contact (at) simon-lehmann (dot) com

The controller decides on the purposes and means of the processing described below. Our full provider details are in the Impressum.

2. Hosting and server logs

This is a static website hosted on Cloudflare Pages, provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). When you visit, Cloudflare automatically processes standard server/access data — including your IP address, the requested page, referrer, date and time, and your browser’s user agent — to deliver the site, ensure stability, and protect against attacks.

  • Purpose: secure, reliable delivery of the website.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a safe, functioning website).
  • Recipient / processor: Cloudflare, Inc., acting as our processor under a data processing agreement (Art. 28 GDPR).

We do not run our own analytics, do not set tracking or marketing cookies, and do not embed third-party fonts, scripts, or trackers that load from external servers — fonts and scripts are served from our own origin. No consent banner is therefore required for the website itself.

3. Contact form and contact by email

If you use the contact form or email us directly, we process the data you provide — your name, email address, subject, and message — to receive and respond to your enquiry. The form submits to a service running on Cloudflare Workers, which sends the message to our mailbox via Cloudflare Email Routing; we do not store form submissions in a separate database.

  • Purpose: handling and answering your enquiry.
  • Legal basis: Art. 6(1)(a) GDPR (your consent in contacting us) and, where your message relates to a contract or pre-contractual steps, Art. 6(1)(b) GDPR.
  • Recipient / processor: Cloudflare, Inc. (Workers and Email Routing), under a data processing agreement.
  • Spam protection: our forms may be protected by Cloudflare Turnstile, a privacy-friendly bot check by Cloudflare, Inc. that does not set advertising cookies. It processes technical signals to tell humans from bots, on the basis of our legitimate interest in preventing abuse (Art. 6(1)(f) GDPR).
  • Retention: we keep correspondence until your enquiry is fully resolved and delete it thereafter, unless statutory retention periods require otherwise. You can ask us to delete it sooner at any time.

4. Beta-access requests

When you request access to the app beta via the form on the /app page, we collect the name, email address, and any optional note you provide, solely to add you to the grainmag Companion App closed-testing list on Google Play and to email you the opt-in link. The form is delivered through the same Cloudflare Workers / Email Routing service described above.

  • Purpose: adding you to the closed test and sending you the opt-in link you requested.
  • Legal basis: Art. 6(1)(a) GDPR (your consent) and Art. 6(1)(b) GDPR (taking steps at your request prior to providing the requested service).
  • Recipients / processors: Cloudflare, Inc. (form transport) and, because closed testing runs on Google Play, Google Ireland Ltd. / Google LLC for the tester list.
  • Retention: we keep your details for as long as the closed test runs or until you ask us to remove you, whichever comes first. We do not use your email for marketing or newsletters, and we do not sell or share it for unrelated purposes. To be removed, email us (see section 6).

5. Transfers to third countries

Cloudflare and Google are US-based providers, so some processing may take place in the United States or other third countries. Such transfers are safeguarded by EU Standard Contractual Clauses (Art. 46 GDPR) and/or the EU–US Data Privacy Framework where the provider is certified. You can request a copy of the applicable safeguards from us.

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you (Art. 15);
  • rectification of inaccurate data (Art. 16);
  • erasure (Art. 17) and restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21); and
  • withdraw consent at any time, with effect for the future, where processing is based on consent (Art. 7(3)) — without affecting the lawfulness of processing before withdrawal.

To exercise any of these, email contact (at) simon-lehmann (dot) com.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany — https://datenschutz.hessen.de

7. Changes

We may update this policy to reflect changes to the site or legal requirements. The date above reflects the latest version.