Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Carlo Nölle

Bonner Straße 18

50677 Cologne

Germany

Email: hello@codeattack.io

Phone: +49 221 42364393

No data protection officer has been appointed, as the requirements under Art. 37 GDPR are not met.

We only process personal data to the extent necessary for the provision of our website and services. Processing is carried out exclusively for the following purposes:

– Provision and delivery of the website (hosting)

– Responding to contact inquiries

– Statistical analysis of website usage (without personal reference)

We do not sell data to third parties and do not engage in profiling.

The processing of personal data is based on the following legal grounds:

– Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures (e.g., contact inquiries regarding our services)

– Art. 6(1)(f) GDPR: Legitimate interest (e.g., technically necessary operation of the website, abuse prevention)

We do not currently obtain consent (Art. 6(1)(a) GDPR), as we do not use any services that require consent.

Our website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA).

When you visit our website, the hosting provider automatically processes technical data transmitted by your browser. This includes:

– IP address (truncated)

– Date and time of access

– Requested URL / page visited

– Referrer URL (previously visited page)

– Browser type and version

– Operating system

This processing is technically necessary to deliver the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the stable provision of the website).

Vercel is a US-based company. Data transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. More information: https://vercel.com/legal/privacy-policy

The hosting provider collects and stores information in so-called server log files that your browser automatically transmits. The data mentioned above under "Hosting" is typically stored for a maximum of 30 days and serves exclusively to ensure trouble-free operation.

This data is not merged with other data sources. It is not possible for us to identify individual users based on this data.

When you use our contact form, the following data is collected and processed:

– Name (required)

– Email address (required)

– Company (optional)

– Desired service (optional)

– Budget range (optional)

– Message (required)

This data is stored in our CRM system (Twenty, self-hosted in the EU) for the purpose of processing your inquiry. No data is shared with third parties.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

The data will be deleted once the inquiry has been fully processed and no statutory retention obligations apply.

When you contact us by email, your email address and the content of the message are processed for the purpose of handling your inquiry. The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

We use Umami, a privacy-friendly open-source analytics tool that runs on our own infrastructure (self-hosted in the EU).

Umami does not collect any personal data. Specifically:

– No cookies are set

– No IP addresses are stored

– No cross-device tracking takes place

– No fingerprints are created

– No data is shared with third parties

Umami collects exclusively aggregated, anonymous usage statistics such as page views, session duration, and country of origin (based on the IP address, which is not stored).

Since no personal data is processed, neither consent nor a cookie banner is required for the use of Umami.

This website does not use cookies. No tracking cookies, analytics cookies, or marketing cookies are set. A cookie banner is therefore not required.

We use the Geist Sans and Geist Mono typefaces. These fonts are served locally with the website (self-hosted via next/font). No connections to external font servers (e.g., Google Fonts) are established. No data is transferred to third parties in this context.

As a data subject, you are entitled to the following rights under the GDPR:

– Right of access (Art. 15 GDPR): You may request information about the personal data we process.

– Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.

– Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.

– Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing of your data.

– Right to data portability (Art. 20 GDPR): You may request that we provide your data in a machine-readable format.

– Right to object (Art. 21 GDPR): You may object to the processing of your data at any time, provided the processing is based on a legitimate interest.

To exercise your rights, contact us at: hello@codeattack.io

You also have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Postfach 20 04 44

40102 Düsseldorf

https://www.ldi.nrw.de

This privacy policy is currently valid as of March 2026. Due to further development of our website or changes in legal or regulatory requirements, it may become necessary to update this privacy policy.