Privacy policy

The controller responsible for processing personal data in connection with this website is:

For privacy-related questions or requests, please contact DeepViolet by email.

This website is a B2B company website for software development services. It is intended for business visitors and potential clients, primarily in Germany, the EU and international markets.

DeepViolet processes personal data only where it is technically necessary to provide and secure the website, where information is voluntarily provided by email, or where processing is required for legal or business documentation purposes.

The website does not intentionally process children's data or special categories of personal data.

• Art. 6(1)(f) GDPR for website delivery, server logs, security, troubleshooting, Cloudflare/CDN/security functions and legitimate business communication.
• Art. 6(1)(b) GDPR for pre-contractual communication when someone contacts DeepViolet about services.
• Art. 6(1)(c) GDPR where processing is necessary to comply with legal obligations.
• Art. 6(1)(a) GDPR only if consent-based features are introduced later.

When the website is accessed, technical data is processed to deliver the requested pages and keep the website stable and secure.

Possible server log data may include IP address, date and time of request, requested URL or resource, HTTP status, user agent, referrer and error information.

Server logs are used for technical delivery, stability, troubleshooting, abuse prevention and security. They are stored only as long as technically necessary for operation and security, unless longer retention is legally required or needed to investigate abuse or security incidents.

The website is hosted on a Hetzner VPS. The server location is Germany, Nürnberg/Falkenstein.

Hetzner processes technical connection and server data as hosting provider so the website can be delivered securely and reliably. The legal basis is DeepViolet's legitimate interest in operating a stable and secure website under Art. 6(1)(f) GDPR.

Cloudflare is used or may be used for DNS, SSL/TLS, CDN/proxy, caching, DDoS protection and security features.

Cloudflare may process technical connection data such as IP addresses, request data and security-related metadata when its proxy/CDN/security features are active.

The purpose is secure and reliable website delivery, performance, abuse prevention and protection against attacks. The legal basis is Art. 6(1)(f) GDPR.

The website stores the selected light or dark theme preference in the browser's localStorage so the visual preference remains available on later visits.

Language selection is currently handled through the URL path, for example /en or /de. The current website code does not intentionally set a language cookie.

The current website code does not intentionally set tracking cookies. No cookie banner is used at launch because no analytics, tracking or advertising cookies are used. If the hosting or security setup later requires technical cookies, this information will be updated.

At launch, this website does not use a contact form. Contact is only possible by email through [email protected].

When a person contacts DeepViolet by email, the following data may be processed:

• Name, if provided.
• Email address.
• Message content.
• Phone number, if provided voluntarily.
• Technical email metadata.
• Purpose: responding to inquiries, pre-contractual communication, preparing or managing a potential business relationship and documenting business communication where required.
• Legal basis: Art. 6(1)(b) GDPR for service inquiries, Art. 6(1)(f) GDPR for general business communication and Art. 6(1)(c) GDPR where legal retention obligations apply.

DeepViolet uses Microsoft 365 as email service provider.

Depending on the configuration and support/processing circumstances, processing by Microsoft group companies or transfers outside the EU/EEA cannot be fully excluded. Where required, such transfers are based on appropriate safeguards such as EU Standard Contractual Clauses.

The website uses Next.js font handling through next/font/google. The fonts are served locally by the website build, so the browser does not make a direct request to Google Fonts when the site is loaded.

At launch, the website does not use analytics, advertising tracking, a newsletter, login, customer area, shop, registration-gated downloads, external embeds, YouTube/Vimeo/Google Maps/Calendly/GitHub widgets, reCAPTCHA, Turnstile, Sentry, Datadog, Logtail or similar external error monitoring.

Personal data is retained only as long as necessary for the respective purpose, unless statutory retention obligations require longer storage.

Email inquiries are retained as long as necessary to process the inquiry and, where applicable, according to statutory retention obligations. LocalStorage data remains in the visitor's browser until it is changed or deleted by the visitor or browser.

Personal data may be processed by technical service providers where necessary to operate the website and communication channels.

• Hetzner for hosting.
• Cloudflare for DNS, SSL/TLS, CDN/proxy, caching and security features where active.
• Microsoft 365 for email communication.

Where service providers process data outside the EU/EEA, such transfers are made only where a legal transfer mechanism is available. For Microsoft 365 and Cloudflare, transfers outside the EU/EEA cannot be fully excluded depending on configuration and support or processing circumstances. Where required, transfers are based on appropriate safeguards such as EU Standard Contractual Clauses.

Under the GDPR, data subjects may have the following rights, subject to the applicable legal requirements:

• Right of access.
• Right to rectification.
• Right to erasure.
• Right to restriction of processing.
• Right to data portability.
• Right to object.
• Right to withdraw consent where processing is based on consent.

Data subjects have the right to lodge a complaint with a competent supervisory authority. The competent Cyprus supervisory authority is:

Office of the Commissioner for Personal Data Protection, Nicosia, Cyprus.

DeepViolet does not use automated decision-making or profiling in connection with this website.

This privacy policy will be updated if the website functionality, hosting setup, service providers or processing activities change.