Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains how we collect, use, and protect your personal data when you visit heartofecovillages.org or sign up for the newsletter. We follow the European Union's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. What Data We Collect

We collect the following categories of personal data:

• Email address: provided voluntarily when you sign up for our newsletter via the signup form on this site.
• Server log data: collected automatically by our hosting provider Vercel when you visit the site. This includes your IP address, user-agent string (browser and operating system), the page requested, the HTTP referrer, and a timestamp.
• Order and shipping details: if you pre-order an issue or donate, our payment processor Stripe collects your name, email address, billing address, shipping address, and card details. Card details are handled directly by Stripe; we never see or store them.

2. Cookies and Browser Storage

This website does not set any cookies of its own and does not use localStorage or sessionStorage for tracking. There is no analytics, tracking, or advertising code on the site. Stripe Checkout, when used, sets cookies necessary to complete a payment securely.

3. Fonts and External Resources

Fonts on the React-rendered pages of this site (Fraunces, Source Serif 4, Cormorant Garamond, Inter) are sourced from Google Fonts and self-hosted by our Next.js build pipeline. No requests are made to Google servers for these pages.

The landing page (heartofecovillages.org) is currently a static HTML document that loads three additional typefaces (Old Standard TT, DM Sans, Inter) directly from fonts.googleapis.com. When you visit the landing page, your browser makes a request to Google for these font files, which Google logs in line with its own privacy policy. We're in the process of self-hosting these too.

4. Purpose and Legal Basis

Newsletter signup. We process your email address to send you the Heart of Ecovillages newsletter and updates about the magazine. The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

Pre-orders and donations. We process your name, contact details, and shipping address to fulfil your order or acknowledge your donation. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR) and, for the donation acknowledgement, our legitimate interest in keeping clear records (Art. 6(1)(f) GDPR).

Server logs. We process server log data to operate the site reliably, diagnose errors, and protect against abuse. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in providing a secure and stable web service.

5. Double Opt-In

When you submit your email address, we send you a confirmation email containing a confirmation link. Your email address is only added to our subscriber list once you click this link. This double opt-in process ensures that no one else can sign you up without your knowledge. Until you confirm, your address is held only for the purpose of sending the confirmation request and is deleted if you do not confirm within a reasonable period.

6. Data Storage and Processors

We use the following service providers to host this website, deliver our newsletter, and process payments. Each acts as a processor on our behalf under a data-processing agreement (Art. 28 GDPR):

• Vercel Inc. Hosting and content delivery for the website. Vercel operates infrastructure in the European Union and the United States.
• Upstash, Inc. Managed Redis key-value store used to keep the list of confirmed subscriber email addresses. Our database is hosted in an EU region.
• Resend, Inc. Our newsletter and transactional email sender. Resend is operated by a German company and processes sending events on EU infrastructure.
• Stripe, Inc. Our payment processor for pre-orders and donations. Stripe handles card details directly and is certified to PCI DSS Level 1.

7. Retention

We keep your email address for as long as you are subscribed to the newsletter. If you withdraw your consent or unsubscribe, we delete your email address from our active subscriber list without undue delay. Server log data is retained for a short period in line with the defaults of our hosting provider Vercel and is then automatically deleted or aggregated. Order records are retained in line with bookkeeping obligations under Swiss and EU tax law.

8. Your Rights

Under the GDPR, you have the following rights regarding the personal data we hold about you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR), for example, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) or the relevant State Data Protection Authority where you live or work.

To exercise any of these rights, please email us at editor@heartofecovillages.org.

9. How to Unsubscribe

Every newsletter we send contains an unsubscribe link in the footer. Clicking it removes your email address from our subscriber list immediately. Alternatively, you can email editor@heartofecovillages.org and we will delete your address by hand.

10. International Transfers

Some of the processors we use, such as Vercel and Stripe, are headquartered in the United States and may process data outside the European Economic Area. Resend is operated by a German company but may also route traffic through processors located outside the EEA. Where this is the case, transfers take place on the basis of Standard Contractual Clauses adopted by the European Commission and, where appropriate, additional safeguards in line with Art. 46 GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we use, or legal requirements. The current version is always published on this page, and the date at the top shows when it was last updated.

12. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, please get in touch: editor@heartofecovillages.org.