Privacy Policy

How we collect, use, and protect your personal information.

1. Information We Collect

We collect information you provide directly to us through our contact form. This includes:

Name: Required to address you personally
Email Address: Required to respond to your inquiry
Company: Optional information you may provide
Project Type: Optional information about your project
Budget Range: Optional information about your budget
Message: Required content of your inquiry

Additionally, when you submit the contact form, we automatically collect:

IP Address: Collected for security purposes (spam prevention and rate limiting). This data is stored temporarily and automatically deleted after 15 minutes.
Timestamp: The date and time of your submission

2. How We Use Your Information

We use the information we collect to:

Respond to your contact form inquiries
Communicate with you about your project or request
Prevent spam and abuse through rate limiting and IP-based security measures

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a) GDPR): When you voluntarily submit information through our contact form, you consent to us processing that information to respond to your inquiry.
Legitimate Interest (Art. 6(1)(f) GDPR): We process IP addresses for security and spam prevention purposes, which is a legitimate interest in protecting our website and services.

3. Information Sharing and Third-Party Services

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this privacy policy.

Email Service Providers

To deliver contact form submissions via email, we use the following third-party email services:

Resend: If configured, we use Resend (resend.com) to send emails. Resend processes your contact form data (name, email, message) to deliver emails. Resend is based in the United States and may transfer data outside the EU. Resend is certified under the EU-US Data Privacy Framework. For more information, see: Resend Privacy Policy
SMTP Service: As a fallback, we may use SMTP email services provided by your hosting provider. Email data is transmitted through these services to deliver your messages.

We may also share your information in the following circumstances:

With your explicit consent
To comply with legal obligations
To protect our rights and prevent fraud

4. Data Retention and Security

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Contact Form Data: Contact form submissions (name, email, message) are retained until the inquiry is resolved and for a reasonable period thereafter (typically up to 2 years) for record-keeping purposes, unless you request earlier deletion.
IP Addresses: IP addresses collected for rate limiting are automatically deleted after 15 minutes. They are not stored permanently.
Cookie Consent: Your cookie consent preference is stored in local storage for 1 year, after which you will be asked again.

Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

Rate limiting to prevent abuse
Spam detection and filtering
Secure transmission (HTTPS)
Input validation and sanitization

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

5. Cookies and Tracking

We use minimal browser storage for essential website functionality:

Session Storage: Used to remember if you've visited before, allowing us to skip the loading animation on page navigation. This is a technical necessity and does not track personal information.
Local Storage: Used to remember your cookie consent preference. This helps us avoid showing the consent banner on every visit.

We do not use third-party tracking cookies, analytics services, or advertising cookies. You can control cookie and storage settings through your browser preferences.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:

Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data.
Right to Rectification (Art. 16 GDPR): You have the right to have inaccurate personal data corrected.
Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data under certain circumstances.
Right to Restrict Processing (Art. 18 GDPR): You have the right to request restriction of processing of your personal data.
Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used format.
Right to Object (Art. 21 GDPR): You have the right to object to processing of your personal data.
Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us using the contact information provided below.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection laws. The relevant supervisory authority for Berlin, Germany is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstraße 219

10969 Berlin, Deutschland

Website: www.datenschutz-berlin.de

7. Contact Information

If you have any questions about this privacy policy or our data practices, please contact us at:

Email: hello@maxbode.de

Address: Berlin, Germany

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

Last updated: November 2025