← Back to home

Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains how I collect, use, and protect your personal data when you visit heartofecovillages.org or sign up for the newsletter. I follow the European Unions General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data Controller

The data controller responsible for personal data processed on this website is:

Florian Schmitt
Vor dem Rabensberg 9
37213 Witzenhausen
Germany

Email: editor@heartofecovillages.org

2. What Data We Collect

We collect the following categories of personal data:

  • Email address — provided voluntarily when you sign up for our newsletter via the signup form on this site.
  • Server log data — collected automatically by our hosting provider Vercel when you visit the site. This includes your IP address, user-agent string (browser and operating system), the page requested, the HTTP referrer, and a timestamp.

3. Cookies and Browser Storage

This website does not set any cookies and does not use localStorage or sessionStorage. There is no analytics, tracking, or advertising code on the site. Your visit is anonymous at the browser level.

4. Fonts and External Resources

The fonts used on this website (Fraunces, Source Serif 4, Cormorant Garamond, and Inter) are sourced from Google Fonts but are self-hosted by our Next.js build pipeline. When you visit this site, no requests are made to Google servers and no data is shared with Google. All font files are served directly from our own infrastructure.

5. Purpose and Legal Basis

  • Newsletter signup. We process your email address to send you the Heart of Ecovillages newsletter and updates about the magazine. The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.
  • Server logs. We process server log data to operate the site reliably, diagnose errors, and protect against abuse. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in providing a secure and stable web service.

6. Double Opt-In

When you submit your email address, we send you a confirmation email containing a confirmation link. Your email address is only added to our subscriber list once you click this link. This double opt-in process ensures that no one else can sign you up without your knowledge. Until you confirm, your address is held only for the purpose of sending the confirmation request and is deleted if you do not confirm within a reasonable period.

7. Data Storage and Processors

We use the following service providers to host this website and to deliver our newsletter. Each acts as a processor on our behalf under a data-processing agreement (Art. 28 GDPR):

  • Vercel Inc. — hosting and content delivery for the website. Vercel operates infrastructure in the European Union and the United States.
  • Upstash, Inc. — managed Redis key-value store used to keep the list of confirmed subscriber email addresses. Our database is hosted in an EU region.
  • Amazon Web Services, Inc. (AWS SES) — our primary newsletter and transactional email sender, operating from the eu-central-1 (Frankfurt) region. The sending domain mail.heartofecovillages.org and the underlying identity are fully verified (DKIM, SPF, DMARC). Bounces and complaints are handled through an SES configuration set with SNS event notifications.
  • Resend, Inc. — used as a temporary email-sending bridge during the pre-launch phase while AWS SES production access is being provisioned. Resend is operated by a German company and processes sending events on EU infrastructure.

8. Retention

We keep your email address for as long as you are subscribed to the newsletter. If you withdraw your consent or unsubscribe, we delete your email address from our active subscriber list without undue delay. Server log data is retained for a short period in line with the defaults of our hosting provider Vercel and is then automatically deleted or aggregated.

9. Your Rights

Under the GDPR, you have the following rights regarding the personal data we hold about you:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) — for example, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) or the relevant State Data Protection Authority where you live or work.

To exercise any of these rights, please email us at editor@heartofecovillages.org.

10. How to Unsubscribe

Every newsletter we send contains an unsubscribe link in the footer. Clicking it removes your email address from our subscriber list immediately. Alternatively, you can email editor@heartofecovillages.org and we will delete your address by hand.

11. International Transfers

Some of the processors we use, such as Vercel and Amazon Web Services, are headquartered in the United States and may process data outside the European Economic Area. Resend is operated by a German company but may also route traffic through processors located outside the EEA. Where this is the case, transfers take place on the basis of Standard Contractual Clauses adopted by the European Commission and, where appropriate, additional safeguards in line with Art. 46 GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we use, or legal requirements. The current version is always published on this page, and the date at the top shows when it was last updated.

13. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, please get in touch:

editor@heartofecovillages.org

Back to home