Privacy Policy

1. Data controller

The party responsible for processing data on this website (the "controller" under Art. 4 (7) GDPR) is:

2. What data is collected

Server logs (when you visit the site)

When you access this website, the hosting provider automatically processes basic technical information necessary to deliver the page to you:

• IP address
• Date and time of the request
• Page accessed
• Referrer URL (the page you came from)
• Browser type and version, operating system

This data is processed transiently for security and operational purposes (preventing abuse, ensuring availability) and is not used to create profiles of individual visitors.

Email address (when you sign up for the newsletter)

When you submit the signup form, your email address is stored so I can send you the lead magnet (the Senior Fullstack Starter Pack) and the channel newsletter. No other personal data is requested or required.

3. Why we collect it

• Server logs: to operate the site, prevent abuse, and ensure security.
• Email address: to deliver the lead magnet you requested and to send subsequent newsletter content related to the channel.

4. Lawful basis for processing

Processing is based on the following lawful bases under Art. 6 GDPR:

• Server logs — Art. 6 (1) (f) GDPR: legitimate interest in operating a secure, functional website.
• Newsletter signup — Art. 6 (1) (a) GDPR: your explicit consent, given when you submit the signup form. You can withdraw this consent at any time (see "Your rights").

5. How long we keep it

• Server logs: retained by the hosting provider per their standard retention policy (typically 7–30 days), then automatically deleted.
• Email address: retained for as long as you remain subscribed. If you unsubscribe, your address is removed from the active mailing list and (after a short technical grace period) deleted from the email service provider's records.

6. Processors and recipients

The following third parties process data on my behalf as processors under Art. 28 GDPR:

Hosting provider

This website is hosted by Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA), via Cloudflare Pages. Server logs (see section 2) are processed on their infrastructure. A data processing agreement (DPA) with Cloudflare is in place.

Email service provider

Newsletter delivery and email storage are handled by Beehiiv, Inc. (228 Park Avenue, # 2329976, New York, NY 10003, USA). When you subscribe, your email address and the subscription metadata (date, source, consent record) are transmitted to and stored by Beehiiv. A DPA with Beehiiv is in place.

No personal data is sold or shared with third parties for advertising purposes.

7. International data transfers

The email service provider (Beehiiv) is based in the United States. Data transfers to Beehiiv are protected by the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission. You can review Beehiiv's privacy practices at beehiiv.com/privacy.

8. Your rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): request confirmation of whether I process your data, and a copy of that data.
• Right to rectification (Art. 16): have inaccurate data corrected.
• Right to erasure (Art. 17): have your data deleted ("right to be forgotten").
• Right to restriction of processing (Art. 18).
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21).
• Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint with a supervisory authority (Art. 77) — for residents of Germany, this is typically the data protection authority of the federal state in which you live. The supervisory authority responsible for the controller (Bavaria) is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach.

To exercise any of these rights, email email@mahmoud-mokaddem.com.

9. Newsletter specifics

When you sign up for the newsletter:

• You provide your email address voluntarily through the signup form.
• Your consent is recorded (date, IP, source) per Art. 7 GDPR for accountability.
• You may receive a confirmation email to verify your address (double opt-in).
• You can unsubscribe at any time by clicking the unsubscribe link in any email, or by emailing me directly. Unsubscribing removes you from all mailings; no further messages will be sent.

10. SSL/TLS encryption

For security and to protect the transmission of confidential content (such as inquiries you send to me as the site operator), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the address bar showing "https://" instead of "http://" and the padlock symbol in your browser.

When SSL/TLS encryption is active, the data you transmit cannot be read by third parties.

11. Cookies and tracking

This website does not set cookies for tracking or analytics purposes. Strictly necessary cookies may be set by the hosting provider for technical operation (e.g., load balancing); these do not require consent under § 25 (2) TDDDG (the German implementation of the ePrivacy directive, formerly TTDSG).

Note: when third-party widgets such as the Beehiiv subscribe form are added, they may set additional cookies. This policy will be updated to reflect any such cookies and your options for managing them.

12. Objection to advertising emails

The use of contact data published in the legal notice (Impressum) for the purpose of sending unsolicited advertising and informational materials is hereby expressly prohibited. The site operator expressly reserves the right to take legal action in the event of unsolicited advertising material being sent, for example via spam emails.

13. Changes to this policy

This policy may be updated to reflect changes in the website, the services used, or applicable law. The current version is always available at this URL with the "Last updated" date at the top.

14. Contact

For any privacy-related questions or to exercise your rights, contact: