Privacy Policy
Last updated: 11 May 2026
1. Controller
The controller responsible for data processing on this site is:
Shahad Ishraqstochas.tech
Großenhainer Straße 74A
01127 Dresden
Germany
Email: admin@stochas.tech
2. Data we collect
2.1 Contact form data
When you submit the contact form on this site, we receive:
- the name you enter
- the email address you enter
- the message you write
- your IP address (used briefly for spam protection — see section 4)
- the time of submission
This data is sent to our email address (admin@stochas.tech) so we can respond to your inquiry. Form submissions are not stored in an application database; rate-limit counters containing the IP are stored separately in Cloudflare KV for about one hour (see section 4).
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request — you contacted us to discuss services we may provide).
Providing this data is voluntary. Without name, email, and message we cannot answer your inquiry; that is the only consequence of not providing it.
Retention: As long as the inquiry is relevant to a possible engagement, plus six months. If no engagement results, we delete the email after six months. If we agree on an engagement, contact data is retained per our normal commercial records retention.
2.2 Server access data
When you visit any page on this site, our infrastructure provider (Cloudflare) automatically processes:
- your IP address
- the time of the request
- the page or resource requested
- your user agent (browser and OS)
- the HTTP referrer
This is necessary to deliver the page, maintain security, and detect abuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a stable, secure website).
Retention: short-lived, controlled by Cloudflare. We do not store these logs ourselves.
3. Anti-spam: Cloudflare Turnstile
The contact form uses Cloudflare Turnstile, a CAPTCHA alternative. According to Cloudflare's Turnstile Privacy Addendum, Turnstile collects the visitor's IP address, TLS fingerprint, user agent, the site key and origin, and additional client-side signals from the browser to determine whether the visitor is a human. Turnstile does not use cookies for tracking, does not track users across sites, and is not used for advertising.
Storing or accessing information on the visitor's device for Turnstile is justified under § 25 (2) Nr. 2 TDDDG (formerly TTDSG) as strictly necessary to provide a service the user has explicitly requested (the spam-protected contact form).
Legal basis for processing: Art. 6(1)(f) GDPR (legitimate interest in protecting the form from automated abuse).
References:
Cloudflare Turnstile Privacy Addendum: https://www.cloudflare.com/application-services/products/turnstile/privacy-addendum/
Cloudflare general privacy notice: https://www.cloudflare.com/privacypolicy/
4. Rate limiting
Your IP address is briefly stored (less than one hour) in Cloudflare KV to prevent more than a small number of submissions per IP per hour. After one hour the entry is deleted automatically.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in spam prevention).
5. Recipients of your data (processors)
We use the following processors:
- Cloudflare, Inc. (USA) — hosting, CDN, DNS, Turnstile, KV, and Email Routing. Cloudflare is certified under the EU-US Data Privacy Framework. Privacy: https://www.cloudflare.com/privacypolicy/
- Resend (Resend, Inc., USA) — outbound email delivery for contact form notifications. Resend processes the name, email, and message you submit. Resend is certified under the EU-US Data Privacy Framework. Privacy: https://resend.com/legal/privacy-policy
- Google Ireland Ltd. (Ireland) — the inbox where contact form notifications are received. Where Google Ireland transfers data to Google LLC (USA), Google LLC is certified under the EU-US Data Privacy Framework. Privacy: https://policies.google.com/privacy
Transfers to the United States rely primarily on the EU-US Data Privacy Framework (Commission adequacy decision of 10 July 2023, currently valid as of May 2026). Where any processor or sub-processor is not certified under the DPF for the relevant processing, transfers are based on EU Standard Contractual Clauses with appropriate supplementary measures.
6. Cookies
This site does not set any cookies of its own and does not use analytics. Cloudflare may set short-lived security cookies if their threat detection requires it.
7. Your rights under GDPR
You have the right to:
- request access to the personal data we hold about you (Art. 15)
- request correction of inaccurate data (Art. 16)
- request deletion of your data (Art. 17)
- request restriction of processing (Art. 18)
- receive your data in a portable format (Art. 20)
- object to processing based on legitimate interest (Art. 21)
- withdraw any consent you have given (Art. 7(3))
To exercise any of these rights, email admin@stochas.tech.
You also have the right to lodge a complaint with a supervisory authority. The competent authority for stochas.tech is:
Sächsische Datenschutz- und TransparenzbeauftragteDevrientstraße 5
01067 Dresden
Germany
https://www.saechsdsb.de
8. Automated decision-making and profiling
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
9. Changes to this policy
We may update this policy when our processing changes (for example, adding a new processor). The "last updated" date at the top reflects the current version.