Privacy Policy
Last updated: 2026-02-11
1. Controller
Responsible for this website and contact form: Björn Felgner, Switzerland. Contact: bjoern@felgner.ch
2. Services We Use (Exact Stack)
- Cloudflare Pages: serves the static website.
- Cloudflare Pages Functions: handles POST /api/contact and GET /api/form-config.
- Cloudflare Turnstile: bot protection widget and server-side verification endpoint.
- Zoho Mail EU (smtp.zoho.eu): sends your message to us and sends an autoresponder to you via SMTP.
- Optional browser-side OpenPGP encryption: if selected, message content is encrypted before transmission.
- Cloudflare edge cache: temporary per-IP rate limiting counters (about 60 seconds).
- Optional alert webhook (if configured): receives technical error events only when sending fails.
3. Data We Process
- Form fields: name, email address, message text.
- Anti-abuse data: IP address, Turnstile token/result, origin header, timestamp.
- Operational metadata: response status, Cloudflare Ray ID in server error logs.
- Language preference (de/en/fr) to localize UI and autoresponder language.
- Optional sender public key, if you provide it for possible encrypted replies.
4. Purpose and Legal Basis
We process this data to answer your request, send a confirmation email, protect the form against abuse, and operate the service securely. Legal basis: pre-contractual communication and legitimate interest.
5. Recipients / Processors
Your data is processed by Cloudflare (hosting, edge runtime, bot protection) and by Zoho Mail EU (smtp.zoho.eu) for email transport. If configured, an alert webhook provider receives technical failure notifications.
6. Retention
- Submitted contact email: retained in the mailbox until the inquiry is completed and no longer required.
- Rate-limit counters in edge cache: short-lived (about 60 seconds).
- Server error logs: retained according to platform defaults and operational needs.
7. Cookies and Tracking
This contact form does not use analytics cookies for marketing/tracking. Turnstile may use technical mechanisms necessary for bot protection.
8. Your Rights
Depending on applicable law, you may request access, correction, deletion, restriction, objection, or portability. You may also lodge a complaint with a supervisory authority.
9. International Transfers
Cloud and mail providers may process data outside Switzerland/EU. We select providers that offer appropriate safeguards where required.
10. Security Measures
- TLS encryption for browser connections and SMTP transport.
- Turnstile bot verification (when configured).
- Origin validation, honeypot field, and per-IP rate limiting.
- No plaintext secrets in frontend code.