Privacy policy
Last updated: November 13, 2025
Welcome to ESSO.DEV. We are committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
1. Information We Collect
1.1 Analytics Data (No Cookies Required)
We collect basic analytics information to understand how visitors use our website and improve user experience. We do not use cookies for analytics, and all data is collected server-side without tracking you across websites.
What we collect:
- Page views: Which pages you visit on our site
- Session information: Duration of your visit, pages per session
- Referrer data: Where you came from (e.g., search engines, social media)
- UTM parameters: Campaign tracking parameters (utm_source, utm_medium, etc.)
- Device information: Browser type, operating system, screen resolution
- Geographic location: Country and city (derived from IP address, but IP address is never stored)
- Scroll depth: How far you scroll on pages (to improve content layout)
What we DON'T collect:
- ❌ IP addresses (only used temporarily to determine location, then discarded)
- ❌ Personally identifiable information (PII)
- ❌ Cross-site tracking data
- ❌ Cookie-based identifiers
- ❌ Browsing history outside our website
How it works:
- We use a privacy-first, server-side analytics system built with Next.js and Strapi CMS
- Session IDs are generated in your browser's sessionStorage (cleared when you close the tab)
- Your IP address is used only to determine your country/city using the MaxMind GeoLite2 database, then immediately discarded
- All analytics data is stored on our own servers in Germany
- Data is processed in batches every 10 minutes and stored anonymously
Legal basis: Legitimate interest (GDPR Article 6(1)(f)) - understanding how our website is used to improve user experience.
1.2 Contact Forms
When you contact us via email or contact forms, we collect:
- Your name
- Email address
- Message content
- Any other information you voluntarily provide
Legal basis: Contract/Pre-contractual measures (GDPR Article 6(1)(b)) or Consent (GDPR Article 6(1)(a))
Data retention: We keep contact form submissions for 2 years or until you request deletion.
1.3 Newsletter (If Applicable)
If you subscribe to our newsletter, we collect:
- Email address
- Name (optional)
- Subscription preferences
Legal basis: Consent (GDPR Article 6(1)(a))
Your rights: You can unsubscribe at any time using the link in every email.
2. How We Use Your Information
We use the collected information for:
- Website analytics: Understanding visitor behavior, popular content, traffic sources
- Service improvement: Optimizing website performance, user experience, and content
- Communication: Responding to your inquiries and requests
- Legal compliance: Complying with applicable laws and regulations
We do NOT:
- ❌ Sell your data to third parties
- ❌ Use your data for advertising or marketing without explicit consent
- ❌ Share your data with third parties except as required by law
- ❌ Track you across other websites
3. Third-Party Services
3.1 MaxMind GeoLite2
We use the MaxMind GeoLite2 City database (hosted on our own servers) to convert IP addresses to geographic locations (country and city). The IP address is never stored - it's used only for the lookup, then immediately discarded.
MaxMind Privacy Policy: https://www.maxmind.com/en/privacy-policy
3.2 Cloudflare Turnstile (Bot Protection)
We use Cloudflare Turnstile to protect our forms (newsletter subscription, job applications, contact forms) from spam and bots. This is a privacy-respecting alternative to reCAPTCHA.
What it does:
- Verifies you're a human (not a bot) before form submission
- Works without solving puzzles in most cases (invisible challenge)
- Does not use cookies or track you across websites
Data shared with Cloudflare:
- Browser fingerprint (temporary, for bot detection only)
- IP address (processed by Cloudflare, not stored by us)
- Challenge interaction data
Legal basis: Legitimate interest (GDPR Article 6(1)(f)) - protecting our systems from spam and abuse.
Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
3.3 Hosting
Our website is hosted on a dedicated server in Ukraine. All data is stored on servers under our control.
3.4 Email Service Provider (If Applicable)
If we send newsletters or transactional emails, we may use third-party email service providers. We only share the minimum necessary data (email address, name) for this purpose.
4. Cookies and Local Storage
4.1 No Cookie Banner Required
We do not use cookies for analytics or tracking. Our analytics system uses browser sessionStorage which is:
- Cleared automatically when you close the browser tab
- Not accessible across different websites
- Not considered a "cookie" under GDPR/ePrivacy Directive
Why no cookie banner?
- We don't use tracking cookies
- We don't use advertising cookies
- We don't use third-party marketing cookies
- Our analytics is entirely server-side and privacy-first
4.2 Strictly Necessary Cookies (If Any)
We may use strictly necessary cookies for:
- Session management (if you log in to a user area)
- Security and fraud prevention
- Load balancing
These cookies are exempt from consent requirements under GDPR as they are essential for the website to function.
4.3 Local Storage
We may use browser localStorage to:
- Remember your preferences (theme, language)
- Cache static content for faster loading
Local storage data stays on your device and is not transmitted to our servers.
5. Data Security
We take data security seriously and implement industry-standard measures:
- Encryption: All data transmitted over HTTPS/TLS
- Access control: Limited access to personal data on a need-to-know basis
- Server security: Regular security updates and monitoring
- Backups: Regular encrypted backups stored securely
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
- Analytics data: Retained indefinitely in anonymized form for statistical analysis
- Contact form submissions: 2 years or until deletion requested
- Newsletter subscriptions: Until you unsubscribe
- IP addresses: Not stored at all (used only for geo-lookup, then discarded)
7. Your Rights (GDPR)
If you are located in the European Union or European Economic Area, you have the following rights:
7.1 Right to Access
You can request a copy of the personal data we hold about you.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances.
7.4 Right to Restrict Processing
You can request restriction of processing your personal data.
7.5 Right to Data Portability
You can request your data in a structured, machine-readable format.
7.6 Right to Object
You can object to processing based on legitimate interests or direct marketing.
7.7 Right to Withdraw Consent
If processing is based on consent, you can withdraw it at any time.
How to exercise your rights: Contact us at [email protected] with your request. We will respond within 30 days.
8. Children's Privacy
Our website is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
9. International Data Transfers
All data is stored and processed in Ukraine on dedicated servers under our control. We do not transfer personal data to third countries outside of service operations described in this Privacy Policy (e.g., Cloudflare for bot protection, MaxMind for geolocation).
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top indicates when the policy was last revised. We encourage you to review this page periodically.
Significant changes: We will notify you via email (if we have your email address) or a prominent notice on our website.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Email: [email protected]
Website: https://esso.dev
Response time: We aim to respond within 48 hours
12. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe we have violated your privacy rights.
For EU/EEA residents:
You can contact your local data protection authority or the German Federal Commissioner for Data Protection:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: https://www.bfdi.bund.de
For Ukrainian residents:
Ukrainian Parliament Commissioner for Human Rights
Website: https://www.ombudsman.gov.ua
13. Compliance with Ukrainian Law
We comply with Ukrainian Law "On Personal Data Protection" (2010) and related regulations. Ukrainian users have the same rights as described in this policy, including the right to access, rectify, and delete their personal data.
Summary (TL;DR)
✅ We collect: Anonymous analytics (page views, device info, country/city)
✅ We DON'T collect: IP addresses, personally identifiable information, cookies
✅ No cookie banner needed: We use server-side analytics without tracking cookies
✅ Bot protection: Cloudflare Turnstile on forms (privacy-friendly, no puzzles)
✅ Your data stays secure: All data stored on dedicated servers in Ukraine
✅ Your rights: Access, deletion, correction - just email us
✅ GDPR compliant: Full transparency and user control
Questions? Contact us at [email protected]

