Privacy Policy

The controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is:

Hamid Aminirad
Residenzstraße 99
13409 Berlin
E-Mail: info@a11ybridge.de


1. Hosting, DNS and Email Services

  • Our website and backend infrastructure are operated on servers hosted by:
    Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (server location: Nuremberg, Germany)

  • In addition, our domain management, DNS and email services are provided by:
    one.com A/S, Kalvebod Brygge 24, 1560 Copenhagen, Denmark (domain registration/DNS and email services for @a11ybridge.de and @scienceapps.io)


A data processing agreement (DPA) has been concluded with the above providers in accordance with Art. 28 GDPR.


2. Data Collection and Processing on This Website

When visiting our website, the following data is automatically collected and stored:

  • IP address (processed as part of server and security logs; depending on the log configuration, it may be truncated/pseudonymized)
  • Date and time of access
  • Visited pages
  • Referrer URL
  • Browser type, version, language and operating system

This data is collected to ensure the functionality and security of the website. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest).

Data the plugin sends to our backend:

  • installation_id (pseudonymous identifier)
  • domain (host)
  • license_key_hash (pseudonymous identifier)
  • usage/quota (counts)
  • where applicable: request metadata (without IP forwarding)

Purposes: license verification, quota management, abuse prevention

Server log files (web server / reverse proxy Caddy)
When our website is accessed, our web server (Caddy) automatically processes information in so-called server log files. This includes in particular: IP address, date and time of access, requested URL, HTTP method, HTTP status code, volume of data transferred, referrer where applicable, and user agent.
Purposes: Operation of the website, ensuring IT security (e.g., prevention/analysis of attacks), error analysis and tracking misuse.
Retention period: 30 days
Recipients/hosting: Hetzner Online GmbH (hosting/infrastructure, Germany – Nuremberg)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, stable operation).

Note on email routing:
Emails sent to addresses ending with @a11ybridge.de or @scienceapps.io are processed via one.com’s email infrastructure.

Security & Abuse Prevention (Fail2ban / Server Security Logs)
To protect our infrastructure and customer data against unauthorized access attempts, brute-force attacks and abuse, we operate an intrusion prevention system (“Fail2ban”).

What happens:
Fail2ban automatically detects suspicious login attempts and abusive patterns and temporarily blocks the corresponding IP addresses.

Processed data:

  • IP address (of the attacking client)
  • date/time of the event
  • affected service / rule (“jail”), e.g. SSH login attempts (“sshd”) or WordPress login attempts (“wp-login-caddy”)
  • technical event information (e.g. ban/unban events, number of failed attempts)

Configuration (current):

  • sshd: maxretry 5 within 10 minutes (findtime), ban duration 12 hours (bantime).
  • wp-login-caddy: maxretry 5 within 10 minutes (findtime), ban duration 12 hours (bantime).
  • recidive (repeat offenders): maxretry 3 within 24 hours (findtime), ban duration 7 days (bantime).

Where the data is stored:
Fail2ban writes security logs on our servers in the file /var/log/fail2ban.log.

Retention period:
The Fail2ban log file is rotated and retained for 30 days (current log file plus several rotated archives).
Block rules (bans) are applied temporarily for the ban durations stated above;
longer retention may occur only if necessary to investigate or defend against security incidents.

Access:
Access to these logs is restricted to authorized administrators (e.g. server administrators) for security purposes.

Purpose:
Ensuring the security, integrity and availability of our systems;
preventing brute-force attacks, account compromise and abuse.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interests in maintaining the security of our systems and preventing abuse).


3. Cookies & Consent

On our pages, a consent tool is used to obtain and document consent (Cookie Notice & Compliance for GDPR/CCPA).

The cookie banner ensures that no non-essential cookies are stored before consent is given (compliant with Art. 6(1)(a) GDPR).


4. External Services and Plugins

Depending on the project and page you access, the following third-party tools and services may be used:

  • Hetzner (Hosting)
  • one.com (DNS/Email)
  • Paddle (Billing/Payments)
  • Cookie-Consent Plugin
  • Only if enabled / used on specific pages: embedded videos

If personal data is transferred to a third country, this will be carried out using appropriate safeguards (e.g. Standard Contractual Clauses) in accordance with Art. 46 GDPR, where applicable.


5. Contacting Us

When you contact us (e.g. via email or contact form), we collect and store the personal data you provide (such as name, email, message).
This processing is based on Art. 6(1)(b) GDPR (contract initiation / performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in responding to general inquiries).


6. Your Rights

As a data subject, you have the following rights under GDPR:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint: You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). For Berlin, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59–61, 10555 Berlin, email: mailbox@datenschutz-berlin.de, Website: https://www.datenschutz-berlin.de.

Please contact: info@a11ybridge.de


7. Data Retention

We only retain personal data for as long as necessary for the purposes for which it was collected, or as required by law.

Retention period:

  • free_installations: 180 days of inactivity
  • webhook_logs: 30 days
  • event_log (processed): 30 days

8. Security

We use technical and organizational security measures such as SSL encryption, firewalls, and secure server configurations to protect your personal data.


9. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect legal requirements or changes to our services. Please check this page regularly for updates.


10. Legal Validity
This English version of the privacy policy is for informational purposes only. In case of discrepancies, the German version shall prevail.
