Privacy Policy.

1. Data Controller

The data controller within the meaning of Art. 4(7) GDPR and service provider pursuant to Art. 7 D.Lgs. 70/2003 is the natural person:

Jacob Wieser
Freelancer (libero professionista)
Widumacker 16, 39050 Jenesien / San Genesio Atesino (BZ)
South Tyrol, Italy
Trade name: method64
Email: hello@method64.com

2. Overview & Scope

This privacy policy is provided in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Italian Codice in materia di protezione dei dati personali (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018). This website collects as little personal data as possible. No cookies, embedded social media plugins, or external tracking tools are used. Data submitted through the contact form and the Climactra waitlist is processed solely to respond to your inquiry. Details on each processing activity are provided in the sections below.

3. Hosting

This website is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). When you visit the website, the server automatically records the following data in server log files:

• ─IP address of the requesting device
• ─Date and time of access
• ─Page / URL accessed
• ─Browser and operating system used
• ─Referrer URL (previously visited page)

This data is technically necessary for delivering the website and is automatically deleted after 14 days. No correlation with other data sources is performed. The servers are located in Falkenstein, Germany.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure provision of the website).

4. Fonts (Self-Hosted)

This website uses the fonts Inter, JetBrains Mono, and Plus Jakarta Sans. All fonts are served locally from the own server. No connection to external servers (such as Google Fonts) is established, and no data is transmitted to third parties.

5. Contact via Email

If you contact me by email (e.g. at the addresses listed in the legal notice), your details (name, email address, message content) are stored for processing the inquiry and for possible follow-up questions. I do not share this data without your consent. Retention period: until the communication is concluded, maximum 24 months for follow-up questions or fiscal record-keeping obligations.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

6. Contact Form on /kontakt

On the /kontakt page a structured inquiry form is offered. When you submit the form, I process the following data:

• ─Required fields: service selection, project description (min. 30 characters), timeframe, budget range, name, email address
• ─Optional field: company name
• ─Technically captured: your IP address (for spam protection and rate-limiting), submission timestamp, completion duration (for bot detection)
• ─Honeypot field: a field invisible to humans that bots fill in, corresponding submissions are discarded without storage

The data is transmitted via encrypted connection (HTTPS/TLS) to my self-operated backend on the same Hetzner server in Falkenstein, Germany, stored locally there in a backup log file, and forwarded by email to my IONOS mailbox. You will receive an automatic confirmation email at the address you provided.

Retention period:

• ─Backup log file on the server: 6 months from receipt, then automatic deletion
• ─Email correspondence in the mailbox: until the inquiry is concluded, maximum 24 months

Providing the data is voluntary. However, without the required fields I cannot process your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) for processing your inquiry. Art. 6(1)(f) GDPR (legitimate interest in spam and bot protection) for the technical security measures.

7. Climactra Waitlist

On the Climactra product page (/climactra) you can sign up for the waitlist. The page itself does not contain an input form: clicking the waitlist button merely opens a pre-filled email in your local mail client, so sending happens directly from your device to the method64 mailbox. Received: your email address and, optionally, hotel name and hotel size — details you add yourself in your mail client before sending the message. I process this data exclusively to inform you about the Climactra launch and to contact you in advance. You can ask to be removed from the list at any time by replying to one of my emails. Retention period: until the Climactra launch and a maximum of 12 months thereafter. Note: as the email is sent by your mail client, no data is transmitted server-side via this website, the initial communication takes place exclusively between your device and your email provider.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

8. Cookies & Local Storage

This website does not use cookies. Your browser's LocalStorage stores only the language code (key: "method64-lang") so that visits to the home page are automatically redirected to your last-chosen language. Your browser's SessionStorage additionally remembers whether certain one-off demo animations on the /prinzipien and /tech-stack pages have already been shown (keys: "prinzipien_demo_seen" and "techstack_demo_seen", each only with the value "1"). SessionStorage is automatically cleared when you close the browser tab. No personal data and no tracking identifiers are stored. These entries are strictly necessary for the function and operation of the website (Art. 5(3) ePrivacy Directive, "strictly necessary" exemption).

9. External Links (Instagram, LinkedIn)

This website contains links to the method64 Instagram profile and to the owner's LinkedIn profile. Clicking the Instagram link redirects you to the website of Meta Platforms Ireland Ltd., clicking the LinkedIn link to the website of LinkedIn Ireland Unlimited Company. The respective privacy policies of Meta and LinkedIn apply there. I have no control over the data collected. Simply visiting this website does not transmit any data to Meta or LinkedIn, the links are only activated upon an active click.

10. Web Analytics (Umami)

This website uses Umami Analytics in a self-hosted instance at analytics.method64.com. Umami is a privacy-friendly alternative to Google Analytics: no cookies, LocalStorage, or SessionStorage are set. Your IP address is processed exclusively in the form of a cryptographic hash (combined with the User-Agent and a daily-rotating salt) for aggregation purposes, the raw IP is never stored. There is no cross-session re-identification and no profiling. Only aggregated statistics on page views, time on page, and coarse geographic regions (country/city level) are collected.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in audience measurement to improve the service). Consent is not required as no personal data enabling re-identification is stored, the cookie consent requirements of the ePrivacy Directive do not apply, as no information whatsoever is stored on the user's device.

11. Data Processors & Sub-Processors

Carefully selected service providers are used as data processors under Art. 28 GDPR. Data processing agreements (DPAs) under Art. 28 GDPR are in place with all listed providers.

All data processing takes place exclusively on servers within the European Union. No transfers to third countries (outside the EU/EEA) occur.

12. Data Security (Art. 32 GDPR)

Technical and organisational measures are taken to protect your data against unauthorised access, loss, and manipulation:

• ─TLS encryption (TLS 1.2 or higher) for all connections between your browser and the server
• ─Up-to-date security patches on all server components
• ─Rate-limiting on the contact-form endpoint (max. 1 request per IP address per 60 seconds) to protect against flooding
• ─Bot detection via honeypot fields and minimum completion-time check
• ─Backend server access exclusively via SSH with public-key authentication
• ─Source code and server configuration are versioned via a Git repository; on substantial configuration changes, manual snapshots of the server volume are taken via Hetzner's encrypted snapshot feature

13. Automated Decision-Making & Data Protection Officer

Automated decision-making: No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place on this website. The bot detection used in the contact form (honeypot, time-check) is not a decision with legal effect, it merely discards obvious spam submissions without further storage.

Data Protection Officer (DPO): Given the size and nature of the data processing, no legal obligation to appoint a Data Protection Officer exists (Art. 37 GDPR in conjunction with the Italian Codice Privacy). Please direct privacy-related inquiries to the contact address listed in section 1.

14. Your Rights

You have the right at any time to:

• ─Information about your stored data (Art. 15 GDPR)
• ─Rectification of inaccurate data (Art. 16 GDPR)
• ─Deletion of your data (Art. 17 GDPR)
• ─Restriction of processing (Art. 18 GDPR)
• ─Data portability (Art. 20 GDPR)
• ─Objection to processing (Art. 21 GDPR)

To exercise your rights, contact: hello@method64.com

15. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for Italy (including South Tyrol) is the: