patchletter

Privacy Policy

patchletter is built to be deliberately data-minimal: the only required datum is an email address. No tracking pixels in emails, no advertising cookies, servers in Germany.

1. Controller

Kolja Sagorski, sagorski.it, Meisterweg 16, 45896 Gelsenkirchen, Germany hello@patchletter.com

2. What data we process — and why

a) Account & sign-in (magic link)

To sign you in, we store your email address and the time of confirmation (double-opt-in record). There is no password; the sign-in link is valid for 15 minutes. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

b) Update emails

We store your subscribed products and delivery settings (frequency, time, time zone, “security only”) and a log of the notifications sent (subject, referenced releases, provider ID) for 12 months. Our emails contain no open trackers. Every email includes a one-click unsubscribe link. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

c) Deliverability events

Our mail service reports non-delivery (bounce) and complaints to us. We store these events for 24 months and suppress affected addresses from sending. Legal basis: legitimate interest in deliverability and abuse prevention (Art. 6(1)(f) GDPR).

d) Server logs

When the website is accessed, technically necessary logs are created (IP address, time, requested URL, user agent). They serve operation and attack detection and are deleted after 14 days. Legal basis: Art. 6(1)(f) GDPR.

e) Analytics (Umami)

We use the self-hosted, cookieless analytics tool Umami. No cookies are set and no cross-device profiles are created; IP addresses are not stored. Legal basis: Art. 6(1)(f) GDPR. Only technically necessary session cookies for the login are used — hence no cookie banner.

f) Tool suggestions

When you suggest a tool, we store the name/URL/note and, optionally, your email address (only to notify you if it is added).

3. Recipients & processors

No transfer to third countries takes place.

4. Retention & deletion

5. Your rights

You have the right to access, rectification, erasure, restriction of processing, data portability and objection (Art. 15–21 GDPR). To exercise them, contact hello@patchletter.com. Right to complain: the competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Germany).

Last updated: July 2026