Privacy Policy

Privacy Policy

The purpose of this Privacy Policy is to provide visitors to this website with information on how we process personal data. We run this site in a way that minimizes data collection: no cookies, no cross-site trackers, and no marketing scripts. To measure website traffic, we use a cookie-free analytics service, which is described in detail below.

Controller

Digital Domination LLC
523 Jackson Street, Unit #210
Saint Paul, Minnesota 55101, USA
Email: hey@digitaldomination.xyz
Authorized representative: Alexander Kirsch-Clayton

Representative in the Union under GDPR Art. 27

Because the Controller is established outside the European Union and processes personal data of data subjects located in the Union on a regular basis, the Controller has designated a representative in the Union in writing pursuant to GDPR Art. 27. The representative serves as a point of contact for supervisory authorities and data subjects on all matters relating to the processing of personal data:

Sandra Mannigel
Email: gdpr@digitaldomination.xyz

Inquiries may be directed either to the representative or to the Controller directly at hey@digitaldomination.xyz.

Server Log Files

When you visit this website, our hosting provider (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) automatically stores information in what are known as server log files. This information includes your IP address, the date and time you accessed the site, the referrer URL, the user agent string, and the page you requested. This data is deleted after a maximum of 14 days.

Hosting

This website is hosted on servers operated by Hetzner Online GmbH in Falkenstein, Germany. Hetzner processes data on our behalf on the basis of a data processing agreement (Art. 28 GDPR). We also use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a content delivery network and to protect against attacks. Data transfers to the United States take place on the basis of the EU-US Data Privacy Framework and, in addition, the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Geolocation-Based Line in the Hero Section

A welcome message such as “Based in Berlin, building for Cologne and all of Germany” appears at the top of the homepage. Your location is determined based on the IP address of your device that accesses our server. This takes place entirely offline. We use a locally stored copy of the MaxMind GeoLite2 City database for this purpose. Your IP address never leaves our server and is not transmitted to MaxMind or any other third parties whatsoever. If the local database does not yield a match, we use the country code transmitted by Cloudflare (CF-IPCountry header) as a fallback. The IP address location is determined once per page view and is never stored.

Contact Form

When you use the contact form, we collect the information you enter (name, email address, message, and optional subject line), as well as your IP address and the time the form was submitted. We process this data in order to reply to your inquiry and, if applicable, to initiate a contractual relationship (Art. 6(1)(b) GDPR). Your data is never shared with third parties beyond the email processing providers named in the subsections below, and is deleted after 12 months at the latest, unless we are under a legal obligation to retain it for longer.

AI Reply Generation (Anthropic)

To generate the instant acknowledgment reply to your contact form submission, we transmit your name, the optional subject line, and your message—BUT NOT YOUR EMAIL ADDRESS—to Anthropic, PBC (548 Market Street, PMB 90375, San Francisco, CA 94104, USA), the provider of the Claude language model. Anthropic processes this data solely to generate the reply; per Anthropic’s standard paid API terms, inputs are retained for up to 30 days for abuse monitoring and are NOT used to train their models. A data processing agreement pursuant to Art. 28 GDPR is in place. Data transfer to the United States takes place on the basis of the EU-US Data Privacy Framework and, additionally, the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). The AI-generated reply is clearly labeled as such in the email you receive. Further information can be found in Anthropic’s privacy policy: anthropic.com/legal/privacy.

Email Delivery (Resend)

When you submit the contact form, the notification email to us and the AI-generated acknowledgment reply to you are sent via the email service provider Resend (Plus Five Five, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA). Transactional email is sent from the dedicated subdomain mail.digitaldomination.xyz to keep sending reputation isolated from our primary mailbox. Resend processes the data you enter (name, email address, subject, message) along with standard email metadata (sender, recipient, timestamp, delivery status). We use Resend’s EU region (Ireland) for sending. A data processing agreement pursuant to Art. 28 GDPR is in place. Data transfer to the United States takes place on the basis of the EU-US Data Privacy Framework and, additionally, the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). For more information, see Resend’s privacy policy: resend.com/legal.

Bot Protection for Forms (Cloudflare Turnstile)

On our form pages (the contact form and the onboarding forms), we use Cloudflare Turnstile, a cookie-free bot-protection service provided by Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). When you open a form page, your browser loads a JavaScript widget from challenges.cloudflare.com that silently verifies in the background whether the request comes from a real browser. To classify the request, Cloudflare processes your IP address along with commonly available browser signals (user-agent, screen size, behavioral cues). NO cookies are set, no cross-site profile is built, and no personal data is permanently stored. Processing is based on our legitimate interest in protecting our forms from automated abuse (Art. 6(1)(f) GDPR). Data transfer to the U.S. is based on the EU-US Data Privacy Framework and additionally the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). On pages without a form (home, services, blog, etc.), the widget is NOT loaded. More information: cloudflare.com/privacypolicy.

Onboarding Forms

After placing an order through our website or following a consultation, you will be sent a link to an onboarding form that allows you to submit the information we need to provide the service in a structured manner (e.g., company name, contact information, domain, technical access details, brand assets, preferred dates). We collect and process data for the purpose of fulfilling the contract in accordance with Article 6(1)(b) of the GDPR. The sole internal recipient of the data is Digital Domination LLC; the data is not disclosed to third parties—with the exception of the technical service providers listed above and below (Resend for email delivery, Cloudflare Turnstile for bot protection, and Stripe for payment processing). We will retain the data you provide for the duration of the contract plus three years (to comply with statutory limitation periods), after which time it will be automatically deleted.

Stripe Payment Verification at Onboarding

When you open the onboarding form after making a payment via Stripe, we use the data collected by Stripe during the payment process (session ID, payment status, payment amount, and, if applicable, customer email) so that you can automatically skip the payment step during onboarding. This check takes place on our server in Germany; apart from the data transmitted by Stripe itself (see the Payment Processing (Stripe) section), no data is shared with third parties for this purpose.

Local Storage Usage (localStorage)

During the onboarding process, your browser will save any information you have entered into the form locally in window.localStorage (under the key onb_draft_<service>). This ensures that any information you have entered won’t be lost if you accidentally close the browser tab. This data is saved exclusively on your own device, is not transmitted to our server or to third parties, and is automatically deleted once you have successfully submitted the form. You can clear your temporary local storage at any time via your browser settings or the “Application → Storage” tab in DevTools.

TidyCal Scheduling Tool

We use TidyCal (Sumo Group, Inc., 1345 E. 6th Street Suite 125, Austin, TX 78702, USA) to schedule appointments. The calendar does not load automatically; it only loads after you actively click the “Load Calendar” button. Only after clicking this button does your browser establish a connection to TidyCal. Any data you enter into the scheduling tool is then processed by TidyCal; please review TidyCal’s Privacy Policy for further information.

Payment Processing (Stripe)

For payments made through our website, we use an external payment provider, Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”). When you click a button designated for payment, you are redirected to an external payment page operated by Stripe. When you complete a payment there, your payment data (e.g. name, company name, address, payment amount, bank details, credit card number, etc.) is processed by the payment provider for the purposes of payment handling and invoice issuance. These transactions are governed by Stripe’s respective contractual and privacy terms. We use the payment provider on the basis of Art. 6(1)(b) GDPR (contract performance) and in the interest of the smoothest, most convenient, and most secure payment process possible (Art. 6(1)(f) GDPR). Where your consent is requested for specific actions, Art. 6(1)(a) GDPR is the legal basis for processing; consents may be withdrawn at any time with effect for the future. Data transfer to the United States takes place on the basis of the EU-US Data Privacy Framework and, in addition, the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Details are available in Stripe’s privacy policy and data processing agreement at: stripe.com/privacy and stripe.com/legal/dpa.

Invoice Generation and Archiving

After every Stripe payment, we automatically generate a PDF invoice (or a deposit invoice, final invoice, or credit note) and save it on the same Hetzner server that hosts the website. We do not use any external service to create these invoice PDFs. They are created using the mPDF PHP library, locally on the server, with no data transferred to third parties. For this purpose, we process your personal, company, and billing information (name, company name, address, VAT ID number if applicable, email address, payment amount, and Stripe identifier for matching purposes). The legal basis is Article 6(1)(b) of the GDPR (performance of a contract) and Article 6(1)(c) of the GDPR in conjunction with the retention requirements under applicable tax and commercial law. Due to this retention requirement, we keep all invoices for a period of ten years from issue.

Invoice Delivery by Email

Generated invoices are sent via email as PDF attachments. For this purpose, we use the same delivery path via Resend as the contact form confirmation email (see Contact Form section above), with the same third-country transfer safeguards (EU-US Data Privacy Framework plus EU Standard Contractual Clauses, Art. 46(2)(c) GDPR).

Cookies

This website only uses technically necessary session cookies: a short-lived anti-spam cookie when you submit the contact form, and a separate session cookie (named dd_onb) when you open an onboarding form, used for CSRF protection and to bind the session to your Stripe payment status. Neither cookie contains personal data, is shared with third parties, or persists past browser close. Additionally, while you fill out an onboarding form your browser stores the current draft locally in window.localStorage (see the Onboarding Forms section); this data never leaves your device. Your theme preference (dark/light) is also stored in localStorage and stays there. We do not use any tracking, marketing, or analytics cookies whatsoever.

Website Analytics

We use GoatCounter (self-hosted on our own server in Falkenstein) to collect anonymized, aggregated usage statistics such as page views and referrers. No IP addresses, cookies, or any other personal data are stored or transferred to third parties. For more information, visit https://www.goatcounter.com/

No Other Trackers of Any Kind

Aside from the cookie-free traffic measurement system described above, we do not use Google Analytics, Facebook Pixel, Matomo, Tag Manager, or any other third-party trackers that set cookies or create user profiles. To gain a general understanding of our website traffic, we also analyze the server log files, which are deleted after 14 days, as described above.

Your Rights Under the GDPR

You have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing (Art. 21). Simply send an email to hey@digitaldomination.xyz. You also have the right to lodge a complaint with a data protection supervisory authority—in Germany, this is the authority responsible for your federal state. An official list of the respective German data protection authorities and their contact information can be found here.

Amendments / Updates

This Privacy Policy was last updated on May 1, 2026. Today’s change: traffic measurement migrated from Cloudflare Web Analytics to a self-hosted GoatCounter instance. Data no longer leaves our server in Falkenstein; the previous third-country (U.S.) data transfer for traffic measurement no longer applies. Previous changes (April 26, 2026): new sections “Bot Protection for Forms (Cloudflare Turnstile)”, “Onboarding Forms” (with subsections on Stripe payment verification and local storage usage), and “Invoice Generation and Archiving” (with a subsection on invoice email delivery via Resend); Cookies section extended to mention the dd_onb session cookie; “AI Reply Generation (Anthropic)” section extended with a link to Anthropic’s privacy policy; editorial refinements to the Onboarding Forms section and the Stripe Payment Verification subsection; internal file-path references removed. Previous update (April 21, 2026): Payment Processing (Stripe) section documenting Stripe as the payment provider for direct audit purchases through our website. Previous update (April 20, 2026): AI Reply Generation (Anthropic) and Email Delivery (Resend) sections documenting the transactional email infrastructure behind our contact form. We will keep visitors informed of any significant privacy-related changes to our site here.