Privacy Policy
Last Updated: February 2026
This policy explains what data is collected, why, and how I handle your rights under the GDPR (RODO).
I am a software developer based in Poland, and I run this blog to share technical knowledge.
I use a “privacy-first” stack that favors self-hosting to keep your data under my direct control.
1. Data Controller #
The administrator of this website and the controller of your data is:
- Name: Piotr Rusin
- Location: Poland
- Contact: privacy@codomaniac.com
2. Tools / Services Used #
| Tool / Service | Category | Data Collected | Storage Location | GDPR Legal Basis |
|---|---|---|---|---|
| Remark42 | Commenting System | Username, Email, Avatar URL, IP Address, Comment content, JWT session cookies. | Self-hosted (Poland) | Consent / Legitimate Interest |
| Listmonk | Newsletter | Email address, Name (optional), IP at signup, Open/Click rates. | Self-hosted (Poland) | Consent (Double Opt-in) |
| Brevo | SMTP Relay | Email address (recipient), Email content, Delivery/Bounce logs. | EU (France/Germany) | Performance of Service |
| Cloudflare | Infrastructure | IP address, Browser metadata, Security logs. | Global Edge (EU/USA) | Legitimate Interest |
| Umami | Analytics | Page views, Country, Browser, Device, Referral source (Anonymized). | Self-hosted (Poland) | Legitimate Interest |
3. Dedicated Service Information #
Newsletter & Email Delivery (Listmonk & Brevo) #
I manage my mailing list using Listmonk (self-hosted). However, to ensure emails reach your inbox, I use Brevo (Sendinblue GmbH) as an SMTP relay.
- Data Transfer: When I send a newsletter or a comment notification, your email address and the message content are temporarily processed by Brevo.
- Compliance: Brevo is a European company based in France/Germany. Data is processed under a Data Processing Agreement (DPA) included in their Terms of Service.
- Tracking: To improve my content, I track if emails are opened or links are clicked. You can opt-out by unsubscribing.
Technical Infrastructure (Cloudflare) #
This site uses Cloudflare Pages and Cloudflare Tunnel. Cloudflare acts as a protective layer, processing your IP address to defend against attacks and optimize delivery. They may use strictly necessary cookies (e.g., __cf_bm) for bot detection.
Commenting (Remark42) #
I self-host Remark42. If you log in via GitHub, your User ID is hashed to prevent direct tracking.
- Note: Your name and comment will be public. You can delete your data at any time using the “Delete” link in the comment interface.
Analytics (Umami) #
I use self-hosted, cookieless Umami Analytics. It does not track individuals or store PII.
4. International Transfers #
While my primary databases are in Poland, services like Cloudflare or GitHub (for OAuth) may process data in the USA. These transfers are governed by the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs).
5. Your Data Protection Rights #
Under the GDPR, you have the following rights:
- Access & Portability: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your comments or newsletter subscription.
- Withdraw Consent: Unsubscribe from the newsletter at any time.
- Lodge a Complaint: You may contact the Polish UODO (Urząd Ochrony Danych Osobowych) if you believe your data is handled improperly.
Verification: I reserve the right to verify your identity before fulfilling a request to prevent unauthorized data access.
6. Contact #
For any queries, please reach out to privacy@codomaniac.com .