Privacy
What the site knows about you, and what it does not.
Stance
baki.io inverts the default web stance. Where most sites hide what they collect, this one shows you. Everything stored about your visit is visible to you at /system/your-presence, and you control what stays.
What gets stored
Three tiers, each consented to separately:
- Essential - always on, because without them the site cannot function. Session identifiers, viewport dimensions, interaction state.
- Engagement (Tier A + B, client-side only) - reading dwell, focus paths, preferences. Lives in your browser; never leaves your device.
- Traffic (Tier C, server-side aggregates) - k-anonymized device and content-affinity stats that let the site show how it is actually being read. Opt-in.
What is never stored
- Your name, email, or any direct identifier in this site’s own datastores.
- Location data (the Ambient register mode reads only your device timezone).
- Third-party tracking scripts beyond the single Plausible analytics pixel disclosed below.
Hosting-layer transparency: see “Server access logs” below for what the origin host (SiteGround) records and what the CDN (Cloudflare) sees in transit. baki.io itself does not read or persist those logs.
Your rights
- See - everything stored is mirrored at /system/your-presence.
- Export - download a JSON file of your Tier A + B data at any time.
- Forget - wipe your local state with one click.
- Dissent - revoke consent per tier or all at once.
The full data-subject rights list under GDPR (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority) is enumerated in “Legal disclosures (GDPR Art. 13)” further down this page.
Controller
The data controller for personal data processed via baki.io is:
Baki Bektaş, Berlin, Germany. Email: design@baki.io
A formal Data Protection Officer (DPO) is not appointed: this is a personal site whose processing activities do not meet the thresholds set out in Art. 37 GDPR or §38 BDSG (no large-scale systematic monitoring, no special-category processing, no employee count engaging the German appointment threshold). Direct privacy correspondence to the controller email above.
Contact
For privacy questions, exercising data-subject rights, or any GDPR matter: design@baki.io. Responses are typically within 30 days as required by Art. 12(3) GDPR. Other channels are listed in /system/colophon.
Purposes and legal bases
Each data flow is processed for a specific purpose under a specific Art. 6 legal basis:
| Data flow | Purpose | Legal basis |
|---|---|---|
| Plausible analytics pixel | Aggregate page-level traffic counts (page, referrer-class, country, device-class). Cookieless; no cross-site identifier. | Art. 6(1)(f) GDPR — legitimate interest in understanding which writing is read, balanced against minimal-data design. |
| Visitor presence telemetry (localStorage Tier A/B: dwell, focus paths, preferences, drop drafts) | Personalize reading experience, surface presence at /system/your-presence, drive consent toggles. Stored client-side only. | Art. 6(1)(a) GDPR — explicit opt-in consent. Withdrawable per tier from the presence page. |
| Tier C traffic aggregates (server-side k-anonymized stats, when wired) | Show how the site is actually being read. K-anonymity threshold ≥ 5; raw events not retained. | Art. 6(1)(a) GDPR — opt-in consent. |
| Drop submissions (visitor comments via the Signal Drop compose form) | Receive visitor commentary, route through moderation queue, optionally publish on the relevant page. | Art. 6(1)(b) GDPR — performance of the implicit “publish my comment” agreement; combined with Art. 6(1)(a) consent for the act of submission. |
| Server access logs (origin: SiteGround; edge: Cloudflare) | Operate, secure, and debug the site. Detect abuse. | Art. 6(1)(f) GDPR — legitimate interest in network and information security (ref. Recital 49). |
Recipients and processors
Personal data may be processed by the following recipients, each acting as a processor under Art. 28 GDPR (Auftragsverarbeitung) where applicable:
| Recipient | Role | Data category | Location | Legal vehicle |
|---|---|---|---|---|
| Cloudflare, Inc. | CDN / reverse proxy / DNS | IP address, user agent, request URL, TLS metadata (in-transit only) | Global edge network (incl. EU + US) | DPA + Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework participant. |
| SiteGround Spain S.L. | Origin web hosting | HTTP access logs (IP, UA, path, referrer, timestamp), file-system storage of the static export | EU (Spain / Netherlands data centres) | Intra-EU processing; SiteGround DPA. |
| Plausible Insights OÜ | Privacy-focused analytics — Plausible Cloud, EU-hosted | Cookieless aggregate page events (no IP retained beyond hashing for daily uniques) | Estonia (EU) | Intra-EU processing; Plausible DPA. |
| GitHub, Inc. | Drop-submission moderation queue. The submit-drop Cloudflare Worker writes accepted submissions to a private GitHub repo via the Contents API. | Drop body text, anchor slug, visitor handle (self-chosen), trust tier, validation snapshot. No visitor IP, no UA, no Plausible identifier is sent to GitHub. | Global (US-headquartered, EU edge available) | DPA + SCCs; EU-US Data Privacy Framework participant. |
No data is sold. No data is shared with advertisers. No data is enriched against third-party identity graphs.
Retention
| Category | Retention period | Notes |
|---|---|---|
| Tier A/B engagement (localStorage) | Until you clear browser storage or click Forget at /system/your-presence. | Never transmitted; nothing for the controller to delete server-side. |
| Tier C traffic aggregates | 90 days at the aggregator level. Raw events not retained. | k ≥ 5 anonymity floor. |
| Plausible aggregate stats | Plausible’s default — page-level aggregates retained indefinitely; no per-visitor records. Daily-unique salts rotate every 24 hours. | Cookieless. No cross-day re-identification. |
| Drop submissions (accepted) | Retained on baki.io as long as the parent page is published. Deletable on request. | Public once moderated. |
| Drop submissions (rejected) | Not stored beyond the validation response. | The Worker rejects + discards in the same request. |
| Origin access logs (SiteGround) | 30 days (SiteGround default). | Not aggregated or analyzed by baki.io. |
| Cloudflare edge logs | Cloudflare’s default for the free tier (≤ 24 hours raw; aggregate metrics longer). | Not exported to baki.io. |
International transfers
baki.io is operated from Berlin, Germany. Most processing happens inside the EU/EEA (SiteGround, Plausible Cloud). Two data flows can leave the EU:
- Cloudflare routes requests through the nearest edge node, which may be a US point of presence depending on visitor location and load. Transfers are covered by Cloudflare’s Standard Contractual Clauses and its participation in the EU-US Data Privacy Framework.
- GitHub stores moderation-queue drops on US infrastructure. Transfers are covered by GitHub’s Standard Contractual Clauses and its participation in the EU-US Data Privacy Framework.
A copy of the relevant SCCs / DPF certifications can be requested from the controller email above.
Automated decision-making
None. baki.io performs no profiling, no scoring, and no automated individual decisions within the meaning of Art. 22 GDPR. Drop submissions pass through automated content validation (length, profanity, link-density, rate-limit) — these are uniform safety filters, not individual decisions, and every accepted drop is reviewed by a human (Baki) before publication.
Server access logs
Honesty over claims: when your browser hits baki.io, two systems generate access logs that the controller does not routinely read but which exist:
- Origin (SiteGround) logs each HTTP request with: IP address, User-Agent, request path, referrer, response status, timestamp. Retention ~30 days per SiteGround defaults. Used by the host for abuse detection and infrastructure operations.
- Edge (Cloudflare) sees the same fields in transit, plus TLS metadata. Cloudflare retains aggregate metrics on the free tier; raw logs are not exported to baki.io.
- Submit-drop Worker (Cloudflare Workers) processes drop submissions. The Worker does not log visitor IPs to GitHub. The moderation-queue file written to GitHub contains only the visitor’s chosen handle, trust tier, drop text, and validation snapshot. Cloudflare’s own runtime logs may briefly capture request metadata; the Worker code itself emits only generic error strings keyed on the drop id. Source: workers/submit-drop/index.ts.
If access-log retention or contents change materially (e.g. a host migration), this section and the version stamp at the top of the page update.
Supervisory authority
For data subjects in Germany, the competent supervisory authority for this controller (resident in Berlin) is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI), Friedrichstraße 219, 10969 Berlin, Germany. Telephone: +49 30 13889-0. Email: mailbox@datenschutz-berlin.de. Web: https://www.datenschutz-berlin.de/
Data subjects may also lodge a complaint with the supervisory authority of their EU/EEA Member State of residence, place of work, or alleged infringement (Art. 77 GDPR).
Legal disclosures (GDPR Art. 13)
For visitors in the EU, the disclosures required by GDPR Article 13 / ePrivacy Directive are summarized here in tabular form. This complements (does not replace) the plain-language stance above; if the table and prose conflict, the table is authoritative.
| Field | Value |
|---|---|
| Data controller | Baki Bektaş — design@baki.io — Berlin, Germany. |
| Data Protection Officer | None appointed; thresholds in Art. 37 GDPR / §38 BDSG not met. Privacy contact: design@baki.io. |
| Legal basis - Tier Essential | Art. 6(1)(f) GDPR — legitimate interest: the site cannot function without session identifiers and viewport dimensions. |
| Legal basis - Tier A/B (Engagement) | Art. 6(1)(a) GDPR — consent. Stored entirely client-side; never transmitted. Revocable per tier on /system/your-presence. |
| Legal basis - Tier C (Traffic) | Art. 6(1)(a) GDPR — consent. Opt-in. K-anonymized server-side aggregates. |
| Legal basis - Plausible analytics | Art. 6(1)(f) GDPR — legitimate interest. Cookieless, aggregate, no cross-site identifier. |
| Legal basis - Drop submissions | Art. 6(1)(b) GDPR (contract — “publish my comment”) combined with Art. 6(1)(a) (consent at the act of submission). |
| Legal basis - Server access logs | Art. 6(1)(f) GDPR — legitimate interest in network and information security. |
| Retention - Engagement (Tier A/B) | Until you clear browser storage or click Forget on /system/your-presence. |
| Retention - Traffic aggregates (Tier C) | 90 days; raw events not retained; k ≥ 5. |
| Retention - Plausible aggregate stats | Page-level aggregates retained per Plausible defaults; daily-unique salts rotate every 24 h. |
| Retention - Drops (accepted) | Lifetime of the parent published page; deletable on request. |
| Retention - Drops (rejected) | Not retained beyond the validation response. |
| Retention - SiteGround access logs | ~30 days (provider default). |
| Retention - Cloudflare edge logs | Free-tier defaults (≤ 24 h raw). |
| Recipients / processors | Cloudflare (CDN), SiteGround (origin host), Plausible Cloud (analytics), GitHub (moderation queue). See the “Recipients and processors” section. |
| Cookies / localStorage | No cookies set by baki.io. localStorage keys: visitor handle, presence record, preference state, drop drafts. Each clearable from /system/your-presence. |
| International transfers | Cloudflare may route via US edge (SCCs + DPF). GitHub stores moderation queue in US (SCCs + DPF). All other processing intra-EU. |
| Data-subject rights | Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent at any time (Art. 7(3)), and the right to lodge a complaint with a supervisory authority (Art. 77). Exercise via design@baki.io. |
| Supervisory authority | Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI), Friedrichstraße 219, 10969 Berlin. +49 30 13889-0. mailbox@datenschutz-berlin.de. https://www.datenschutz-berlin.de/ |
| Right to lodge a complaint | You may complain to the BlnBDI or the supervisory authority of your EU/EEA Member State at any time (Art. 77 GDPR). |
| Automated decision-making | None. No profiling, scoring, or automated individual decisions (Art. 22 GDPR). |
| Source of data | Directly from the data subject (you) via the browser. No data is acquired from third-party data brokers. |
| Statutory / contractual requirement | Provision of personal data is not a statutory or contractual requirement. You are not obliged to provide any data; declining means certain features (Tier A/B presence, drops) are unavailable. |
Changes to this policy
When this document changes, the version number at the top updates and the date of the revision is recorded. Every commit-level snapshot is auto-archived to docs/legal/privacy/ — see the revision index for the full chronology.