← Back to SecMain

Privacy Policy

Last updated: March 2026

1. Data Controller

The controller responsible for processing your personal data is:

Frank Sauerburger
Lameystr. 1
79108 Freiburg
Germany
frank@sauerburger.com

2. Data We Collect and Why

2.1 Visitors browsing the site

When you visit SecMain, our web server automatically records the following data in server logs to protect the security and integrity of the service:

  • IP address and port of the requesting client
  • Browser identifier (User-Agent)
  • Date and time of the request
  • Requested URL and HTTP method
  • HTTP response status code

Legal basis: Article 6(1)(f) GDPR — legitimate interest in operating a secure and reliable service.

Retention: Log data is retained for up to 30 days and then deleted.

2.2 Registered users

When you create an account, we collect and store the following personal data to provide the SecMain service of notifications and automated security checks:

  • Email address
  • Name
  • Organisation
  • Password (stored as a secure hash — never in plain text)

Legal basis: Article 6(1)(b) GDPR — processing is necessary for the performance of a contract.

Retention: Account data is kept for as long as your account exists. You may request deletion at any time (see section 4).

3. Service Providers (Data Processors)

We engage the following service provider as a data processor under a data processing agreement in accordance with Art. 28 GDPR. This provider only processes your data on our behalf and according to our instructions:

Hetzner Online GmbH

Industriestr. 25, 91710 Gunzenhausen, Germany

Services provided: Networking and server infrastructure hosting the SecMain application and its data.

Data processed: All personal data stored or transmitted through the service (server logs, account data) passes through Hetzner's infrastructure.

Hetzner's privacy policy: hetzner.com/legal/privacy-policy

We do not sell or trade your personal data. No other third parties receive your data except where required by law.

4. Your Rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15) — you may request a copy of your data.
  • Right to rectification (Art. 16) — you may request correction of inaccurate data.
  • Right to erasure (Art. 17) — you may request deletion of your personal data.
  • Right to restriction (Art. 18) — you may request restricted processing.
  • Right to data portability (Art. 20) — you may request your data in a machine-readable format.
  • Right to object (Art. 21) — you may object to processing based on legitimate interests.

To exercise any of these rights, please contact us at frank@sauerburger.com.

You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

5. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All data is transmitted over encrypted connections (TLS).

6. Changes to This Policy

We may update this privacy policy from time to time. The date at the top of this page indicates when the policy was last revised. Continued use of SecMain after changes constitutes acceptance of the updated policy.

7. Contact

For any questions or concerns about this privacy policy or data processing, please contact us at frank@sauerburger.com.