Website Privacy Notice

This notice explains how we process personal data when you visit heytomrw.com. It is intended to satisfy GDPR, ePrivacy, and App Store/Play Store disclosure expectations for our marketing site.

Controller

CodeThat – M. Siekmann & D. Siekmann GbR
Rathenaustraße 39, 44869 Bochum, Germany
hi@code-that.com

Scope and sources

Applies to all visits to heytomrw.com. Data comes from your browser/device and any information you voluntarily provide (e.g., email).

Data categories and purposes

• 1Server/technical data: IP address, timestamps, requested URLs, referrer (if present), user agent, HTTP headers. Purpose: deliver pages, maintain availability, prevent abuse (DDoS/bot mitigation).
• 2Logs and diagnostics: error messages, request IDs, performance metrics, status codes. Purpose: troubleshooting, incident response, security.
• 3Cookies/local storage: only essential cookies for security/session continuity; analytics cookies or similar technologies only with consent. Purpose: site operation and, with consent, measurement.
• 4Contact/support data: email address, message content, metadata from your mail provider. Purpose: respond to enquiries, support, record-keeping.
• 5Analytics (PostHog): page events, coarse region, device/OS/browser; no ad IDs, no personalized ads. Purpose: product/site improvement; only with consent where required.

Legal bases (GDPR)

Art. 6(1)(f) legitimate interests (operation, security, abuse prevention, improvement); Art. 6(1)(b) or (f) for handling contact requests; Art. 6(1)(a) for analytics where consent is required.

Retention

• •Server/diagnostic logs: typically up to 30 days for security and troubleshooting, then deleted or anonymized.
• •Contact/support emails: kept until resolved and, where applicable, for statutory archiving.
• •Analytics: retained only as needed; where possible aggregated/pseudonymized, with raw event retention typically capped at 12 months.

Recipients / processors

• •Hosting/CDN providers (EU/EEA or with appropriate safeguards)
• •PostHog (analytics processor)
• •Email provider for inbound messages
• •Security/monitoring tools as needed for incident response

Transfers outside EU/EEA

Where data leaves the EU/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with supplementary safeguards where required.

Cookies and consent

No advertising cookies are used. Essential cookies may be set for security and delivery. Analytics cookies or similar technologies are activated only with your consent where required; you can withdraw at any time via your browser settings or applicable consent controls.

Security

TLS in transit; least-privilege access; industry-standard hosting safeguards. No absolute guarantee of security can be given.

Your rights

Access, rectification, erasure, restriction, data portability, objection (especially to processing under Art. 6(1)(f)), withdrawal of consent with future effect, and the right to lodge a complaint with a supervisory authority.

Supervisory authority

You may contact your local authority. For our seat in North Rhine-Westphalia: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany, poststelle@ldi.nrw.de.

Changes

We may update this notice; the current version is published on this page.

Data Protection Officer

No Data Protection Officer is currently appointed. Contact the controller for privacy matters.

Contact

Privacy requests: hi@code-that.com