Legal

Privacy policy

Information pursuant to Art. 13 GDPR on the processing of personal data on this website.

1. Controller

Sebastian Rublewski
Spretistr. 33
81927 Munich
Germany
Email: captain@bitpanic.net

The controller within the meaning of the General Data Protection Regulation (GDPR) is the person named above.

2. Overview of processing

This personal portfolio website processes personal data only to the extent necessary to operate the site. It does not use advertising trackers, social-media plugins, or third-party analytics services (e.g. Google Analytics).

  • Providing the website and server log files (hosting)
  • Self-hosted, privacy-friendly visitor statistics (no cookies for visitors)
  • Administration area (operator only, not accessible to visitors)

3. Hosting

This website is hosted by All-Inkl.com — Neue Medien Münnich (Germany). When you access the site, the host automatically records server log files, including e.g. IP address, date and time of the request, URL accessed, browser type, and operating system.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and stable provision of the website). Log files are retained and deleted according to the host's policies.

More information: All-Inkl privacy information (German).

4. Own visitor statistics

To understand which pages are used, this website collects lightweight visitor statistics. No cookies are set for normal visitors, and full IP addresses are not stored.

Data collected

  • Page path visited (e.g. /wiki.php or /article.php?slug=…)
  • External referrer (source page), if any
  • Time of the visit
  • A daily pseudonymous visitor hash (derived from IP address, user agent, and a daily salt — not traceable across days)
  • Whether the visit is likely from a bot

Purpose and legal basis

The purpose is to understand how this personal website is used (e.g. which projects and articles are read) so content can be maintained sensibly. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). The interest in a privacy-friendly, self-hosted statistic without third parties outweighs the limited privacy impact, as individuals are not permanently identified.

Retention

Statistics entries are automatically deleted after 90 days.

Technical implementation

PHP pages are recorded server-side (includes/track.php). Static demo pages send a minimal visit signal to /t.php (via sendBeacon), which also transmits only the page path and referrer — no image data or demo content.

5. Cookies

The public area of this website sets no tracking cookies for visitors.

After logging in, the protected administration area (/admin/) sets a strictly necessary session cookie to maintain the operator's session. This area is not accessible to visitors. Legal basis: Art. 6 (1) (f) GDPR (security and operation of the admin area).

6. Administration area (operator only)

The non-public admin area additionally processes:

  • Session data for authentication (session cookie)
  • IP addresses of failed login attempts to prevent brute-force attacks (retention: up to 24 hours, then automatic deletion)

This processing affects only the website operator, not regular visitors.

7. In-browser demos

Some demos (e.g. the System Information Collector at /demo/sysinfo/) read device information entirely locally in your browser. This data is not sent to the server unless you choose to copy, download, or print the report yourself.

Other demos process images locally in the browser; no image data is sent to the server. Only the page visit itself may be recorded in visitor statistics (section 4).

8. External links

This website links to external pages (e.g. GitHub repositories). When you follow an external link, the privacy policies of that provider apply. No embedded third-party content (widgets, third-party iframes) is loaded.

9. Your rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection to processing based on legitimate interests (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR), where applicable

To exercise your rights, contact the email address above.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

Supervisory authority (Bayern):
Bayerisches Landesamt für Datenschutz

10. Changes

This privacy policy may be updated if data processing changes. The version published on this page applies.

Last updated: June 24, 2026 · Legal notice