a31Labs

Privacy Policy

How we handle your data — last updated April 2026

1. Data Controller

The data controller for this website is Armin Reiter (a31 Labs / Reiter ITS), Vienna, Austria. Contact: office@a31.at.

2. Data We Collect

We only collect data you actively submit through the contact form (name, email, message) and technical data required to deliver the website (IP address, user agent, referrer) processed by our hosting provider Cloudflare.

3. Analytics

We use Plausible Analytics, a privacy-friendly, cookie-less analytics service self-hosted on our infrastructure. No personal data is collected, no cross-site tracking, no device fingerprinting. Aggregated page views and referrers are the only data recorded.

4. Contact Form

Data you submit via the contact form is forwarded to our internal notification service to respond to your enquiry. It is retained only as long as necessary to handle your request and any resulting business relationship.

5. Cookies

This site does not set any tracking cookies. Cloudflare Turnstile (our CAPTCHA provider) may set a short-lived technical cookie strictly necessary for bot protection.

6. Third-Party Services

  • Cloudflare — hosting, CDN, bot protection (Turnstile).
  • Plausible (self-hosted) — privacy-friendly analytics.

7. Your Rights (GDPR)

You have the right to access, rectify, delete, restrict processing of, and port your personal data, as well as to object to processing and to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at). To exercise your rights, email office@a31.at.

8. International Transfers

Our hosting provider Cloudflare operates globally and may process technical request data in data centres outside the European Union. Cloudflare participates in the EU-US Data Privacy Framework and relies on standard contractual clauses where applicable, providing an adequate level of protection for such transfers.

9. Retention

Contact-form submissions are retained only as long as reasonably necessary to respond to your enquiry and to fulfil any contract that results from it. Server and CDN logs produced by Cloudflare are automatically rotated according to their standard retention schedule.

10. Security

Traffic to this site is served exclusively over HTTPS with HSTS, a strict Content Security Policy, and additional hardening headers (X-Frame-Options, Referrer-Policy, Permissions-Policy). The contact form is protected by Cloudflare Turnstile to deter automated abuse without relying on invasive tracking.

11. Changes

This policy may be updated from time to time. The date above reflects the latest revision. We will not make retroactive changes that reduce your rights without giving clear notice on this page.