Privacy Policy.

claudioklaus.com is operated by Claudio Klaus (the "controller"). For any privacy question or to exercise your rights below, contact via LinkedIn.

Server-side, this site stores nothing about you. There is no account system, no analytics database, no contact form that writes to a server. The hosting provider (Cloudflare / Lovable) keeps short-lived edge access logs containing your IP address and user agent for security and abuse prevention; these are not used for profiling.

This site does not set any cookies. It does not use Google Analytics, Meta Pixel, Hotjar, fingerprinting, or any other tracking technology. That's why you don't see a cookie banner — there is nothing to consent to.

All fonts and images are served from this site's own domain. No requests are made to Google Fonts, Adobe Fonts, or any third-party CDN that would expose your IP address to an outside provider.

The newsletter form sends your email address directly to Substack, which is the data controller for newsletter subscriptions. We do not store your email on this site. You can unsubscribe at any time directly from any newsletter email.

Legal basis: your consent (GDPR Art. 6(1)(a)), given when you submit the form on Substack.

When you click an outbound link (LinkedIn, Spotify, Apple Podcasts, YouTube, Google Books, Substack), your browser communicates directly with that service under its own privacy policy. We do not pre-load or pre-connect to these services on page load.

Serving this website to your browser relies on our legitimate interest in operating a public professional presence (GDPR Art. 6(1)(f)). The newsletter relies on your consent (Art. 6(1)(a)). For visitors in Switzerland, processing aligns with the Federal Act on Data Protection (FADP / nFADP).

This site retains no personal data. Edge access logs at the hosting layer are short-lived (typically days, not months) and are not linked back to identities.

Under GDPR and the Swiss FADP, you have the right to:

• Access any personal data we hold about you
• Request correction of inaccurate data
• Request deletion ("right to be forgotten")
• Object to or restrict processing
• Request portability of your data
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority — for Switzerland, the FDPIC (EDÖB); for the EU, your local Data Protection Authority

Because this site holds no personal data, access / deletion requests for newsletter data should be directed to Substack. For anything else, reach out via LinkedIn.

The site is served exclusively over HTTPS with HSTS preload, a strict Content Security Policy, frame-ancestors denial, and modern cross-origin isolation headers. Form inputs are validated client-side with schema-based length and format checks.

If this policy changes materially, the "Last updated" date at the top will change. The current version always lives at /privacy.