Privacy Policy
Last updated: 12 May 2026 · Effective immediately
This Privacy Policy explains how Byte-Pulse (operated by BRL Vision Solutions, Okerstr. 24, 51371 Leverkusen, Germany) collects, uses, shares, and protects information when you visit byte-pulse.net or interact with our newsletter. We operate under the European General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG).
1. Controller
Data controller in the sense of Art. 4 (7) GDPR is:
BRL Vision Solutions
Okerstr. 24
51371 Leverkusen
Germany
Managing director: Serhat Er
Phone: +49 2143 3014059
Email: editorial@byte-pulse.net
We have not appointed a Data Protection Officer because we fall below the statutory thresholds of § 38 BDSG. Privacy enquiries are handled directly by the managing director.
2. Scope
This policy applies to byte-pulse.net, all its subdomains, and any service we operate at those URLs (article pages, newsletter signup, author pages, category indexes, RSS feeds). It does not apply to third-party sites we link to (read their own policies before submitting data there).
3. What we collect, why, and on what legal basis
3.1 Server logs
Whenever your browser loads any page or asset from our site, our hosting provider Vercel Inc. automatically records: IP address (truncated where possible), user-agent string, the URL you requested, the referring URL (if any), HTTP status, and a timestamp. Purpose: operating the site securely, debugging errors, and protecting against abuse (rate-limiting, bot detection). Retention: ≤ 30 days, then deleted by Vercel. Legal basis: Art. 6 (1)(f) GDPR — legitimate interest in a stable, secure service.
3.2 Cookies and similar technologies
Byte-Pulse itself sets the following client-side storage only:
- Consent state (
bp_consent_v1in localStorage): remembers your choice on the cookie banner so we don't ask again. Strictly necessary — set whether you accept or reject. - Newsletter cooldown (
bp_nl_v1in localStorage): prevents the newsletter modal from re-appearing for 7 days after you dismiss it. Strictly necessary for UX. - Saved articles (
bp_savedin localStorage, if you use the heart button): a local list of slugs you bookmarked. Never sent to our server.
Third-party cookies set by Cloudflare (DNS / CDN) may include __cf_bm for bot detection and cf_clearance for security challenges. These are strictly necessary for the site to load. Legal basis: Art. 6 (1)(f) GDPR.
When advertising or analytics is enabled (see §3.6 and §3.7), additional cookies are set only after your explicit consent. Legal basis: Art. 6 (1)(a) GDPR.
3.3 Article views (anonymous counter)
We increment an internal "views" counter per article so we can sort our most-read coverage. The counter is a single integer per article — no IP, no fingerprint, no user identifier is stored. Legal basis: Art. 6 (1)(f) GDPR — legitimate interest in editorial analytics.
3.4 Newsletter (Resend)
If you enter your email in the newsletter modal or footer form, we store: your email address, a confirmation token, a timestamp, and your confirmation status. You receive a one-time confirmation email; only after you click the link in that email do we add you to the daily-digest distribution. This is the double-opt-in standard required under Art. 7 GDPR.
Email delivery is handled by Resend Inc. (USA). Your email address is shared with Resend solely for the purpose of sending the confirmation and digest emails. Resend processes data under EU Standard Contractual Clauses (Art. 46 GDPR). Retention: until you unsubscribe (one-click link in every email).
Legal basis: Art. 6 (1)(a) GDPR — your explicit consent.
3.5 Contact email
If you email us at editorial@byte-pulse.net (or any byte-pulse.net address), we store your email and message contents only as long as needed to handle your enquiry, plus statutory retention (typically 6 months for general correspondence, 6 years where commercial-tax law applies).
Legal basis: Art. 6 (1)(b) GDPR (pre-contractual) or (f)(legitimate interest in answering you).
3.6 Advertising — Google AdSense (when enabled)
Once activated, byte-pulse.net displays advertisements served by Google Ireland Ltd. via Google AdSense. AdSense uses cookies and similar identifiers to serve relevant ads and to measure ad performance. Google may use information about your visits to this and other sites to provide better advertising — see Google's partner-sites policy and advertising privacy policy.
You can opt out of personalised ads in your Google Ad Settings or via aboutads.info/choices (industry-wide opt-out).
Legal basis: Art. 6 (1)(a) GDPR — your explicit consent given on our cookie banner. If you decline, AdSense is loaded in non-personalised mode (NPA) where supported.
3.7 Analytics — Vercel Analytics & Vercel Speed Insights
We use Vercel Analytics (page views, referrers, device-class aggregate) and Vercel Speed Insights (Core Web Vitals — LCP, FID, CLS). Vercel anonymises these signals on collection — no IP address, no fingerprint, no cookie is set by these tools.
Legal basis: Art. 6 (1)(f) GDPR — legitimate interest in measuring site performance. Because no personal data is collected, no consent is required (recital 26 GDPR).
3.8 Affiliate links — Amazon, Skimlinks, others
Some links on byte-pulse.net are affiliate links. When you click one, you are routed to a partner site (e.g. amazon.com, amazon.de) which sets its own cookies and may share commission with us if you purchase. We disclose this on every article via the "Sponsored · Affiliate link" label. We do not pass your data to the partner — the link click itself is the only signal.
Read Amazon's own policy at amazon.com/privacy (US) and amazon.de/datenschutz (DE).
3.9 Push notifications — OneSignal (opt-in only)
We may offer browser push notifications via OneSignal Inc. (USA). Push is strictly opt-in via the browser's native permission prompt. If you accept, OneSignal stores a push token and your topic preferences to deliver notifications. You can revoke at any time in your browser settings or by clicking "Unsubscribe" in any notification.
Legal basis: Art. 6 (1)(a) GDPR. Standard Contractual Clauses apply for the US transfer.
3.10 Hosting and CDN
Site infrastructure:
- Vercel Inc. (USA) — application hosting and edge CDN. Standard Contractual Clauses; Data Processing Addendum on file.
- Cloudflare Inc. (USA) — DNS resolution. SCCs; DPA on file.
- Turso (ChiselStrike Inc.) — database. EU region used; data processed in the EU.
3.11 AI / content tooling
Our editorial pipeline uses OpenAI and Google Gemini APIs for drafting, fact-checking, and translation. Only public source-article text and our own internal prompts are sent — no user data, no IP, no email is ever passed to these LLM providers.
3.12 Search-engine ping (IndexNow)
After every publish we ping IndexNow (Bing, Yandex, Seznam, Naver). The ping contains only the public article URL — no user data.
3.13 Social broadcast
Each published article is automatically shared to our public accounts on X (Twitter), Mastodon, and Bluesky. Only public article metadata is shared (title, excerpt, URL). No user data leaves the site.
4. International transfers
Some of our processors are located in the United States (Vercel, Cloudflare, Resend, OpenAI, Google, OneSignal). Transfers are protected by EU Standard Contractual Clauses (Art. 46 (2)(c) GDPR) and, where applicable, the EU-US Data Privacy Framework. The relevant SCCs and certifications are available on each provider's website.
5. Your rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15)
- Rectification — correct inaccurate data (Art. 16)
- Erasure — "right to be forgotten" (Art. 17)
- Restriction of processing (Art. 18)
- Data portability — receive your data in a machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21) — including a right to object to direct marketing at any time
- Withdraw consent at any time, without effect on prior processing (Art. 7 (3))
- Lodge a complaint with the supervisory authority. In Germany this is the data- protection authority of your federal state — for our Leverkusen base that is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2-4, 40213 Düsseldorf, +49 211 38424-0, www.ldi.nrw.de.
To exercise any of these rights, write to editorial@byte-pulse.net. We will respond within 30 days (extendable by 60 days for complex requests, with notice).
6. Retention
We delete or anonymise personal data as soon as the purpose it was collected for has been fulfilled, unless statutory retention obligations require longer storage (e.g. § 257 HGB / § 147 AO for commercial correspondence). Logs: 30 days. Newsletter: until unsubscribe. Contact mails: 6 months (24 months if a commercial relationship is established).
7. Children
Byte-Pulse does not knowingly collect data from children under 16. The newsletter signup form requires you to confirm you are of legal age in your jurisdiction. If you become aware that a minor has provided data, please contact us and we will delete it.
8. Security
All traffic to byte-pulse.net is encrypted with HTTPS (TLS 1.2+). The database is hosted in the EU with at-rest encryption. Administrative access is protected by passwords + 2FA. We follow OWASP baseline practices for the application code.
9. Changes to this policy
We may update this Privacy Policy when we add or remove services. The current version is always accessible at byte-pulse.net/privacy. Material changes will be communicated via a notice at the top of this page.
10. Contact
Privacy enquiries: editorial@byte-pulse.net