Privacy Policy
Last updated: 2026-05-12
This policy describes how Sub Specie (the “site”) handles personal data. It is written with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive 2002/58/EC as transposed in EU member states, and the UK Privacy and Electronic Communications Regulations (PECR) in mind.
1. Controller
Data controller within the meaning of Art. 4(7) GDPR:
Jan EbbingEmail: Jan.Ebbing@posteo.de
There is no statutory obligation under Art. 37 GDPR to appoint a data protection officer for a personal blog of this size, and none is appointed.
2. What is processed and why
2.1 Hosting and server logs
The site is hosted on Cloudflare Pages. When you load a page, Cloudflare automatically processes connection metadata including your IP address, User-Agent, requested URL, referrer, and timestamp. This is necessary to transmit the page to you and to keep the service secure.
- Purpose: delivery of the site, abuse prevention, network security.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a working, secure website).
- Recipient: Cloudflare, Inc. (US), under EU SCCs and the EU–US Data Privacy Framework.
- Retention: per Cloudflare's own retention schedule; the site operator does not store these logs independently.
2.2 Theme preference (local storage)
If you toggle the colour theme, the site stores a single value theme="light"|"dark" in your browser's localStorage. This value never leaves your device and is read
on subsequent visits to keep your preference.
- Legal basis: regulation 6(4)(b) PECR / § 25(2) TTDSG / ePrivacy strictly–necessary exemption: storage of a user-interface preference explicitly chosen by you.
2.3 Page-view counter
Each blog post displays a view counter. When you open a post, the browser
sends a request to /api/views/<slug>. The server stores
one integer per post in a Cloudflare D1 database; no IP address, identifier,
or session token is associated with the increment. The browser sets a
per-tab sessionStorage flag named viewed:<slug> so that reloads in the same tab do not inflate the count; this flag is
cleared when you close the tab.
- Purpose: displaying an aggregate read count.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in basic, anonymous reach measurement) and the ePrivacy strictly–necessary exemption for the session flag, which is required to make the counter meaningful for a service you explicitly requested.
- Personal data: none stored by the site beyond the aggregate counter.
2.4 Comments (Giscus)
Blog posts offer a comment section powered by Giscus, which is a wrapper around GitHub
Discussions operated by the Giscus authors. The Giscus iframe loads content
from giscus.app and api.github.com, which means
your IP address, User-Agent, and the page you are viewing are transmitted
to those services, and they may set cookies. If you sign in to comment or
react, GitHub processes your account data under GitHub's privacy statement.
- Loading: Giscus and its third-party requests are blocked by default. They only load after you click “Accept” in the consent banner or “Load comments” on a post.
- Legal basis: Art. 6(1)(a) GDPR (consent) and regulation 6 PECR / § 25(1) TTDSG (consent) for the storage and access of information on your device caused by Giscus and GitHub.
- Recipients: Giscus (operated by its maintainers) and GitHub, Inc. (US), a Microsoft subsidiary.
- Withdrawal of consent: use the “Manage consent” control below at any time to revoke; once revoked, the Giscus script will no longer be loaded on future page views.
2.5 Embedded videos (YouTube)
Some posts embed YouTube videos via the youtube-nocookie.com privacy-enhanced domain. No cookies are
set by YouTube until you click play. Once you start playback, YouTube
(Google Ireland Ltd. / Google LLC) processes data under Google's privacy policy.
2.6 Search
The on-site search downloads a static JSON index from this site and runs entirely in your browser. Your search queries are not sent to any server.
3. Cookies and similar technologies
The site itself sets no first-party cookies. The following storage is used:
| Name | Where | Purpose | Lifetime | Basis |
|---|---|---|---|---|
theme | localStorage | Remember light/dark choice | Until you clear it | Strictly necessary |
consent.v1 | localStorage | Record your consent choice | Until you clear it | Strictly necessary (record of consent) |
viewed:<slug> | sessionStorage | Dedupe view counter within a tab | Tab session | Strictly necessary |
Third-party services (Giscus, GitHub, YouTube) may set their own cookies once you have consented and loaded their content. The site operator has no access to those cookies.
4. International transfers
Cloudflare, GitHub, and Google are headquartered in the United States and may process data outside the EEA/UK. Transfers rely on the EU–US Data Privacy Framework where applicable and on Standard Contractual Clauses under Art. 46(2)(c) GDPR.
5. Your rights
Under the GDPR (and the UK GDPR), you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21), as well as the right to withdraw consent at any time without affecting prior lawful processing (Art. 7(3)). You may also lodge a complaint with a supervisory authority, for example the Berliner Beauftragte für Datenschutz und Informationsfreiheit in Germany or the Information Commissioner's Office (ICO) in the UK. To exercise any of these rights, contact the address in section 1.
Note: because the site does not store identifiers about visitors, requests for access or erasure can usually only be answered with “no personal data about you is held by this site”. If you have commented via Giscus, your comment is stored in a GitHub Discussion under your GitHub account; deletion is performed through GitHub.
6. Manage consent
You have not made a choice yet. The banner is shown on every page.
7. Changes
If the site's data processing changes materially, this page will be updated and the “Last updated” date at the top will move. There is no mailing list, so please re-read the page if you care about updates.