Transparency, privacy, and operational safeguards.

This privacy policy explains which personal data we process on this website and for what purposes.

Controller

The controller is Amyla · Noël Sabosch (address above). Contact: info@amyla.net.

Server logs

When you access the website, we process technically necessary data to deliver the site, keep it secure, and investigate errors. This may include:

• IP address (technically required)
• date and time of access
• requested page/file
• referrer URL
• user agent / browser and system information

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure and stable website).

Contact requests

If you contact us via the contact form or email, we process the data you provide, for example:

• name
• email address
• message / project context
• optional: budget range

We also use a captcha to prevent automated submissions. Legal basis for handling your enquiry is Art. 6(1)(b) GDPR (pre-contractual measures) and/or Art. 6(1)(f) GDPR (efficient communication and abuse prevention).

Retention period

• Server logs: 90 days
• Health/operations logs: 30 days
• Contact enquiries: until final processing and in line with statutory retention obligations

Recipients and processors

Hosting, database operations, and email delivery are handled exclusively via Amazon Web Services (AWS) in the Frankfurt (Germany) region. AWS is used as a processor under Art. 28 GDPR.

Your rights

• access (Art. 15 GDPR)
• rectification (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• objection to processing based on legitimate interests (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

We use cookies to operate the website technically and—optionally—to understand which content is most helpful.

Essential cookies

These cookies are required for core functionality (e.g., security and session features). They cannot be disabled.

Analytics (opt-in)

If you consent, we use Google Analytics 4. It is only loaded after your opt-in via the cookie banner. We enable IP anonymisation.

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Purpose: audience measurement and website improvement
• Legal basis: consent (Art. 6(1)(a) GDPR; where applicable local cookie law)
• Withdrawal: possible at any time via “Cookie settings” in the footer or via the banner

Using Google Analytics may involve transfers to third countries (e.g., the US). The provider typically relies on EU Standard Contractual Clauses and additional safeguards.

Liability for content

We aim to keep information accurate and up to date. However, we do not warrant the correctness, completeness, or timeliness of the content.

Liability for links

This website may contain links to external sites. We have no control over their content; the respective provider is responsible for linked pages.

Copyright

Content and works created on this website are subject to copyright. Reproduction, modification, and distribution require prior written permission unless permitted by law.

We operate systems with “security by default” in mind and apply appropriate technical and organisational measures to protect data and infrastructure.

• transport encryption (HTTPS/TLS)
• kept-up-to-date software and dependency updates
• access controls on a need-to-know basis
• monitoring to detect outages and abuse

If you’d like to report a vulnerability, please email a description (including reproduction steps). We’ll respond as quickly as possible.

For client engagements, we can provide a data processing agreement (DPA) under Art. 28 GDPR on request.

• Transparent list of service providers/subprocessors on request
• Defined technical and organisational measures (TOMs)
• Support for data subject requests, incident handling, and deletion/return at the end of the engagement

Details are aligned per engagement and system landscape.