Privacy Notice

This Privacy Notice explains which personal data we process when operating tldw.news. Personal data means any information that can identify you directly or indirectly.

Processing may occur when you visit the website, subscribe to the newsletter, enable embedded content, use the contact form, or sign in to protected administrative areas.

The controller responsible for this website is Andrea Tarzariol, Carl-Zeiss-Str. 15, 85521 Riemerling, Germany, email: tarzariol@gmail.com.

The controller is the person or entity that determines the purposes and means of processing personal data.

The public website is hosted on Vercel. Backend services may run on Railway. These providers may process IP addresses, requested URLs, timestamps, browser and device information, server logs, security logs, and related technical data.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure, fast, and reliable delivery of the website.

More information: https://vercel.com/legal/privacy-notice and https://railway.com/legal/privacy.

We use Supabase for database, authentication, and administrative functions. This may include account data, email addresses, authentication data, session cookies, role information, newsletter records, content data, and technical logs.

Processing is necessary to provide, secure, and administer the website and internal admin areas. The legal bases are Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

More information: https://supabase.com/privacy.

When you subscribe to the newsletter, we process your email address, signup source, confirmation status, timestamps for signup, confirmation, and unsubscribe, and technical delivery information. We use a double opt-in process.

We use Mailjet, a service of the Sinch Email group, to send newsletter emails, confirmation emails, transactional emails, and contact form notifications.

Newsletter processing is based on your consent under Art. 6(1)(a) GDPR. We keep evidence of signup, confirmation, and unsubscribe based on Art. 6(1)(f) GDPR.

You can unsubscribe at any time through the unsubscribe link or unsubscribe page. After unsubscribing, we remove your address from active mailing or mark it as unsubscribed where needed to prevent further messages and preserve required evidence.

More information: https://www.mailjet.com/legal/privacy-policy/.

If you contact us through the contact form, we process the data you provide, including name, email address, subject, and message. We use this data to handle your request and follow-up questions.

The legal basis is Art. 6(1)(b) GDPR if your request relates to pre-contractual or contractual matters, and otherwise Art. 6(1)(f) GDPR.

Transmission and delivery of your request may involve our backend and email service providers.

We use Cloudflare Turnstile in the login area to reduce automated abuse, spam, and attacks on security-sensitive functions. The provider is Cloudflare, Inc.

Turnstile may process technical information such as IP address, browser and device information, interaction data, challenge status, and security signals to determine whether a request comes from a human or an automated system.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is protecting the website, user accounts, and administrative areas from abuse.

More information: https://www.cloudflare.com/privacypolicy/.

We do not load embedded YouTube videos automatically. Article pages first show a placeholder. A connection to YouTube or Google is established only after you actively enable the video.

When you enable or play a YouTube video, Google may receive your IP address, browser and device information, referrer, access time, and information about video usage. If you are logged into a Google account, Google may associate this information with that account.

In administrative and editorial workflows, we also use the YouTube API to retrieve public video metadata, channel information, thumbnails, publication dates, and video duration.

Embedded YouTube videos are loaded based on your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Editorial use of public YouTube metadata is based on Art. 6(1)(f) GDPR.

More information: https://policies.google.com/privacy, https://www.youtube.com/t/terms and https://developers.google.com/youtube/terms/developer-policies.

We use PostHog to analyze use of the website and improve the service. This may include events such as page views, newsletter subscriptions, video interactions, contact form interactions, and unsubscribes.

When you subscribe to the newsletter, your email address may be sent to PostHog as a user identifier. Event data, timestamps, URL, referrer, device and browser information, and diagnostic data may also be processed.

Processing is based on your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG unless PostHog is used exclusively in a technically necessary and anonymized manner.

More information: https://posthog.com/privacy.

We use Vercel Web Analytics for aggregated traffic measurement. This may include page views, referrers, device, browser, country, and time information.

According to Vercel, Web Analytics is designed to work without tracking cookies and without personal identifiers for cross-site tracking.

On this website, Vercel Web Analytics is enabled only after your analytics consent. Processing is based on Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

More information: https://vercel.com/docs/analytics/privacy-policy.

Access to administrative areas may be provided through Google OAuth. If you use this function, you are redirected to Google. Google processes the data required for sign-in and, depending on your permissions, sends us your email address and authentication information.

The legal bases are Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for secure administration of protected access.

More information: https://policies.google.com/privacy.

For editorial summaries, classifications, and internal work products, we may use AI services such as OpenRouter, OpenAI, or Google Gemini. Public video metadata, transcripts, titles, descriptions, and editorial prompts may be sent to the respective provider.

We generally do not send newsletter subscriber lists or contact form messages to these AI providers unless explicitly stated. Processing supports editorial content creation and quality assurance.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is efficient creation, analysis, and quality assurance of editorial content.

More information: https://openai.com/policies/privacy-policy/, https://openrouter.ai/privacy and https://policies.google.com/privacy.

For editorial purposes, we may retrieve transcripts of publicly available YouTube videos. We may use Supadata, Webshare proxy services, or technical interfaces for retrieving YouTube transcripts.

This may involve processing YouTube video URLs, video IDs, technical request data, and logs. The processing generally concerns publicly available video content.

The legal basis is Art. 6(1)(f) GDPR. More information: https://supadata.ai/privacy and https://policies.google.com/privacy.

We use Buffer to plan and publish editorial posts on LinkedIn and X. Drafts, post text, article URLs, scheduled publication times, status information, and technical API data may be sent to Buffer.

This processing primarily concerns our own social media publishing and internal editorial workflows. The legal basis is Art. 6(1)(f) GDPR.

More information: https://buffer.com/legal#privacy-policy, https://www.linkedin.com/legal/privacy-policy and https://x.com/privacy.

The website uses cookies, local storage, and similar technologies where needed for authentication, session management, security, newsletter interactions, YouTube consent, analytics, or technical delivery.

Strictly necessary technologies are used under Art. 6(1)(f) GDPR and Section 25(2) TDDDG. Non-essential analytics or third-party technologies are used, where required, only based on your consent.

Some providers we use are based in the United States or may process data outside the European Union or European Economic Area. These may include Vercel, Railway, Supabase, PostHog, Google/YouTube, OpenAI, OpenRouter, Buffer, Cloudflare, and Mailjet/Sinch.

Where personal data is transferred to third countries, we rely on appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions such as the EU-US Data Privacy Framework, or explicit consent under Art. 49(1)(a) GDPR where required.

We retain personal data only as long as necessary for the relevant purposes or as required by law. If you validly request deletion or withdraw consent, we delete your data unless overriding legal or legitimate reasons require further retention.

Subject to applicable law, you have rights of access, rectification, deletion, restriction of processing, data portability, and objection to certain processing. If processing is based on consent, you can withdraw consent at any time with effect for the future.

You also have the right to lodge a complaint with a competent data protection authority.

We do not sell personal data for money. We do not knowingly use personal data for cross-context behavioral advertising unless expressly described in this Privacy Notice.

Depending on applicable law, residents of certain U.S. states may have rights to know, access, correct, delete, port, and object to certain processing. Requests may be submitted through the contact details in this notice.