Plain-English summary. The legally binding version is the German Datenschutzerklärung.
What we don't do
- No tracking cookies, first-party or third-party.
- No cross-site or cross-device tracking, no device fingerprinting.
- No Google Analytics, no Matomo, no Meta Pixel, no LinkedIn or X tracking pixels.
- No Google Fonts or other US-CDN font loaders (we use system fonts only).
- No profiling, no automated decision-making.
- We do not sell or rent any data.
Aggregated analytics (Plausible CE, self-hosted)
We run a self-hosted instance of Plausible Community Edition
at analytics.kraaibeek.tech to count page views and see which countries
and referrers visitors come from. It is open-source, runs on the same
German Hetzner server as this site, and stays inside the EU.
What Plausible CE does not do:
- No cookies, ever.
- No persistent IP storage. IPs are hashed briefly for same-day deduplication and discarded at the end of the day.
- No personal identifiers, no cross-site tracking, no fingerprinting.
- Respects the browser's Do Not Track header automatically.
Why no consent banner? Under § 25 TDDDG / ePrivacy, a banner is required when a site reads or writes to your device (e.g. cookies or localStorage for tracking purposes). Plausible CE writes nothing to your device, so the trigger for consent does not apply. The legal basis for the resulting aggregated processing is Art. 6 (1) (f) GDPR (legitimate interest in basic reach measurement). This position is described in detail in section 6 of the Datenschutzerklärung and matches the current German supervisory authorities' interpretation for cookieless reach measurement of this type.
If you would prefer not to be counted: enable Do Not Track
in your browser, or block the host analytics.kraaibeek.tech.
Notification signups (optional, you opt in)
If you submit the "Custom alerts" / "Daily briefing" interest form on /, /outbreak or a country page, we store your email address, your product choice, an optional country or language preference, the page you signed up from, and a proof-of-consent audit record (timestamp, IP, user-agent) on the same German server.
Double opt-in: we send one confirmation email. If you do not click the confirmation link within 7 days, your record (including IP) is deleted automatically. Once confirmed, we only contact you again if/when the product launches (one announcement email) — never a newsletter, never marketing.
Legal basis: Art. 6 (1) (a) GDPR (your consent), with Art. 7 audit log retained for 90 days after confirmation and then scrubbed. Retention: we keep your email until you unsubscribe or the product is shut down, whichever is sooner. Unsubscribe / access / deletion: email thomas@hantaflow.com with the subject "Unsubscribe" or "Data request" and we delete or return your record within 48 hours.
Sub-processor: transactional email delivery uses Resend (US-based, EU region with DPA). They process your email address solely to deliver the confirmation and any future launch email. If we ever move to a self-hosted setup we will update this section.
Server access logs
Standard HTTP access logs (IP address, timestamp, URL, user-agent, status code) are retained for up to 14 days, then deleted. They are used only for operational reasons (rate-limit detection, abuse mitigation, debugging) and are never combined with other data sources or used to build profiles. Legal basis: Art. 6 (1) (f) GDPR.
Third-party requests your browser makes
- basemaps.cartocdn.com (CARTO map tiles, USA): only on /map and /embed/map. CARTO sees your IP for tile requests. Transfer is covered by the EU-US Data Privacy Framework. If you do not want this, do not load those two pages — every other page works without any third-party connections.
- External news links you click. Those are handled by the publisher's own privacy policy. We do not click-track outbound links.
Public JSON API and RSS feeds
/api/signals.json, the per-country and per-language JSON
endpoints, and the RSS feeds are open without authentication. Standard
server log conditions apply. A technical rate limit of ~120 requests/minute
per IP protects against abuse; over the limit you get HTTP 429.
Embeddable map
The /embed/map iframe is intentionally minimal: it does not load
Plausible or any analytics, and only fetches CARTO map tiles and our public
JSON feed. Sites embedding the map can do so without adding tracking exposure
for their own visitors.
What we publish
Signals shown on Hantaflow are derived from public sources. We do not republish article bodies — only metadata (title, source, timestamp, country tag, link) and aggregate counts. See methodology and sources.
Your rights
Under GDPR you have rights of access, rectification, erasure, restriction, objection, and portability (Art. 15-22 GDPR), and the right to lodge a complaint with a data protection authority (Art. 77 GDPR). Email thomas@hantaflow.com to exercise any of these.
Contact
Privacy questions: thomas@hantaflow.com. Full operator details: Impressum.