Hamme
A field guide to the studio Appendix B · Privacy
Appendix B · Privacy

Privacy.

Last updated: June 18, 2026

01 · Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Nicolas Autzen
Heinrich-Vogeler-Weg 18
27726 Worpswede, Germany
Email: hi@hamme.software

For any privacy-related matter — access, erasure, objection or general questions — please contact the email address above.

We are not required to appoint a data protection officer: Hamme is run as a solo business with no further employees (Section 38 of the German Federal Data Protection Act, BDSG), and we carry out no processing that would require a data protection impact assessment under Article 35 GDPR.

02 · Scope

This policy applies only to the website hamme.software and its sub-pages.

It does not apply to the apps and products from the studio (ReviewHeron, Hausbiber, Still OK, SoloWork, Dach (m²), Sturmschaden, Reax Chat) — each of those has its own privacy policy within the respective app or on its own page. If you leave this website via a link (e.g. App Store, Google Play), the privacy policy of the respective provider applies.

03 · No cookies, no tracking

This website is a purely static site and deliberately works without data-collecting components:

  • No cookies, no local/session storage — nothing is stored on or read from your device. No cookie banner is needed; no access to your device within the meaning of Section 25 of the German TDDDG takes place.
  • No tracking, no analytics, no advertising pixels, no fingerprinting.
  • No embedded third-party content — no videos, iframes, social media plugins or external scripts.
  • Self-hosted fonts — all fonts are loaded directly from hamme.software; there is no connection to Google Fonts or any other font server.
  • No data-collecting forms, no newsletter mailings, no comments. For enquiries and the ReviewHeron waitlist there is only a plain email link (see section 05).

Apart from the technically unavoidable server log (section 04), the website itself does not process any personal data.

This also applies to the ReviewHeron product page (hamme.software/apps/reviewheron): merely opening it establishes no connection to third parties. Only when you actively click “Buy” (redirect to the checkout of the payment provider Lemon Squeezy) or “Download .dmg” (download via dl.hamme.software) does a connection to the respective provider arise. The data processing of the ReviewHeron app itself — download, automatic updates and purchase — is described in the separate privacy policy for ReviewHeron.

04 · Hosting & server logs

The website is delivered via GitLab Pages, a service provided by GitLab Inc., 268 Bush Street #350, San Francisco, CA 94104, USA — our processor under Article 28 GDPR.

When a page is requested, GitLab automatically processes a technical access log: your browser’s IP address, the time of access and the page requested.

The purpose is delivering the website and detecting and preventing abuse (attacks, bots, overload) — i.e. secure, stable operation. The legal basis is Article 6(1)(f) GDPR (legitimate interest in technically sound, secure delivery). We do not identify individual visitors and do not analyse these logs.

Retention: according to GitLab, access logs are kept for 7 days and then deleted on a rolling basis — matching the German Data Protection Conference (DSK) recommendation for IP addresses in server logs.

Transfer to the USA: GitLab operates its services in the United States. The transfer is safeguarded by the EU-U.S. Data Privacy Framework (DPF), under which GitLab Inc. is certified, and additionally by the EU Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR. A data processing addendum including the SCCs is in place with GitLab. You can check the certification at dataprivacyframework.gov and GitLab’s sub-processors at handbook.gitlab.com.

If someone shares a link to this website (e.g. on Mastodon, LinkedIn or via a messenger), that platform requests the page to generate a preview — producing the same server log, but with the platform’s IP address, not yours.

05 · Contact by email

If you write to hi@hamme.software — for instance with a question, a request, or to join the ReviewHeron waitlist — we process the data you provide (your email address, your name if given, and the content of your message) in order to handle and answer your request. A waitlist sign-up is used solely for the single launch notification — no other mailings, no sharing of your address.

Legal basis: Article 6(1)(b) GDPR where your request relates to a contract; otherwise Article 6(1)(f) GDPR (legitimate interest in answering enquiries). Retention: until your enquiry has been conclusively handled, then deleted unless statutory retention obligations apply.

Email traffic is handled by Hover (Tucows.com Co., 96 Mowat Avenue, Toronto, Ontario, Canada). Hover operates the email service as an independent controller (a telecommunications and email service), not as our processor. Canada is covered by an adequacy decision of the EU Commission (Article 45 GDPR), which carries the transfer; any further third-country transfers by Hover itself are governed by its privacy policy, which also discloses its sub-processors. Please note that unencrypted email may in principle be read by third parties in transit — choose a more secure channel for confidential information if needed.

06 · Recipients

The only recipients of personal data are GitLab Inc. (hosting, USA — processor, DPF + SCCs, see section 04) and Tucows.com Co. (Hover, Canada — email service, independent controller, see section 05). No data is passed on to advertising partners or other third parties; disclosure to authorities occurs only where we are legally obliged.

07 · Your rights

Under the GDPR you have the right of access (Art. 15), to rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing based on legitimate interests (Art. 21).

A plain email to hi@hamme.software is enough — we respond free of charge and within one month at the latest.

Right to lodge a complaint (Art. 77 GDPR): you can complain to a data protection supervisory authority. The authority responsible for us is the State Commissioner for Data Protection of Lower Saxony (LfD Niedersachsen), Prinzenstraße 5, 30159 Hannover, Germany, lfd.niedersachsen.de — you may also contact the authority of your place of residence.

08 · No automated decisions

We do not use automated decision-making, including profiling, within the meaning of Article 22 GDPR.

09 · Changes

We update this policy when the underlying processing or the legal situation changes. The current version is always available at hamme.software/en/privacy. This English text is a convenience translation — the German version at hamme.software/datenschutz is authoritative and prevails in the event of any discrepancy.