Privacy Policy

Last updated: 23 April 2026

1. Controller

The controller under the GDPR is:

René Zander Langer See 29A 15754 Heidesee Germany Email: [email protected] Phone: +49 156 78 43 65 34

2. Overview

I process personal data only to the extent necessary to provide a functioning website and to deliver my content and services. Legal bases are Art. 6(1)(a), (b), and (f) GDPR.

3. Hosting

The site is served via Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes connection data (IP address, timestamp, HTTP headers, referrer) for content delivery, DDoS protection, and security (Art. 6(1)(f) GDPR). Processing is based on the EU Standard Contractual Clauses. More: https://www.cloudflare.com/privacypolicy/.

4. Server log files

When you visit the site, the hosting provider automatically collects information (server log files) including:

  • IP address
  • date and time of request
  • URL accessed
  • user agent (browser / OS)
  • referrer URL

These data are used for delivery of the site and to maintain security (Art. 6(1)(f) GDPR) and are deleted or anonymized after a short period.

5. Cookies and local storage

No advertising cookies are used. Used only:

  • Language preference cookie (lang): stores your DE/EN choice. Lifetime: 1 year. Legal basis: Art. 6(1)(f) GDPR (functionally necessary).
  • Session storage: one-time attribution of a traffic source per browsing session, and for the AI assistant (see section 11) — valid only for the current session and cleared when you close the browser tab. The analytics-related session data is set only with your consent (see section 6).
  • Consent record (rz_consent, local in your browser): stores your decision on the analytics banner. Legal basis: § 25(2) TDDDG (strictly necessary to remember your choice).

For reach measurement I use PostHog (PostHog EU hosting, Porzellanhof 4, 1010 Vienna, Austria). PostHog captures pseudonymized data on page views, duration, browser, OS, and click interactions. IP addresses are truncated; no personal profiles are built.

PostHog is only loaded and activated after your explicit consent. A consent banner appears on your first visit. Until you agree there, no analytics data is collected and no corresponding information is stored on or read from your device. Essential site functions are unaffected.

Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TDDDG for storing or accessing information on your device.

Data is processed in the EU. More: https://posthog.com/privacy.

Withdrawal: you can withdraw your consent at any time with future effect via the “Cookie settings” link in the footer of this site. Alternatively, you can visit with a tracker-blocking browser.

7. Contact

7.1 Email and phone

If you contact me by email or phone, your data are stored for processing your request and for any follow-up (Art. 6(1)(b) or (f) GDPR).

7.2 Contact form (scoping / checklist)

If you use a form on this site, I process the data you provide (name, email, further details) to handle your request. Data is stored in Cloudflare KV (Europe). I additionally receive a notification via the Telegram Bot API (Telegram Messenger Inc.). I use Telegram only for internal notification; Telegram processes the data on its servers. Legal basis: Art. 6(1)(b) or (f) GDPR.

7.3 Spam protection: hCaptcha

To protect forms from automated submissions I use hCaptcha (Intuition Machines, Inc.). hCaptcha processes device and usage data to distinguish humans from bots. Legal basis: Art. 6(1)(f) GDPR. Details: https://www.hcaptcha.com/privacy.

7.4 Appointment booking: Cal.com

For online booking of conversations I use Cal.com (cal.com, c/o Cal.com, Inc.). On booking, name, email, and appointment details are transmitted to Cal.com. Legal basis: Art. 6(1)(b) GDPR. Details: https://cal.com/privacy.

The site contains links to external services (e.g. LinkedIn, GitHub, Hugging Face, dev.to). When you follow these links, information is transmitted to the respective operators. I have no influence over their data processing; please consult their privacy statements.

9. Your rights

You have the following rights vis-à-vis me as controller:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

To exercise your rights, an informal message to [email protected] is sufficient.

10. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The competent authority for me is the Berlin Commissioner for Data Protection and Freedom of Information.

11. AI assistant “Ask AI”

This website offers an “Ask AI” chat panel where you can ask questions about my content and services. Use is voluntary: the assistant processes content data only when you actively use it. The panel may open itself once per session; that is a display action only and transmits no data on its own.

How a request works. The question you type is sent, together with technical context signals, to my service ask.renezander.com (server located in the EU). The service looks for the answer only within the public content of this website and generates the reply using a language model. For generation, the text is passed to OpenRouter, Inc. (USA) as a technical router, which forwards it to the Google Gemini model. Please do not enter sensitive personal data into the chat field. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing helpful, instant information); the transfer to the USA is based on the EU Standard Contractual Clauses.

Context signals / personalization. So the answer fits your situation, the following signals are transmitted transiently with the request: browser language, approximate country (from Cloudflare’s country header), local time, the page you are currently on, the pages you viewed earlier in this session, your origin (referrer/UTM), and a pseudonymous PostHog identifier. From these, a coarse classification (e.g. “technical” or “decision-maker”) is derived for the duration of the request to adapt tone and level of detail. This classification is not stored permanently, not enriched with external sources, and not linked into a cross-session profile. It is stored permanently only if you voluntarily leave contact details via the in-chat form (see section 7); in that case the classification accompanies your own enquiry.

Local storage. The assistant stores in your browser (session storage, current session only) the list of pages you viewed this session and a flag that the panel has already opened once automatically. This data leaves your browser only as part of a request you initiate.

12. Currency of this policy

As my offering evolves or legal requirements change, this policy may need to be adjusted. The current version is always available on this page.