back to caelith labs
privacy policy · datenschutzerklärung · política de privacidad
last updated · 2026-06-16
data controller · verantwortliche stelle · responsable del tratamiento
Julián Laycock, operating Caelith Labs. Contact: julian@caelithlabs.com. Full operator details: see Impressum.
scope · geltungsbereich · ámbito
This policy covers the website caelithlabs.com and any subdomain operated by Caelith Labs. It is written to comply with the EU GDPR (Regulation 2016/679), the German BDSG, and the Spanish LOPDGDD (LO 3/2018).
what we collect · welche daten · qué datos recopilamos
Caelith Labs runs no third-party analytics, no advertising trackers, no cookies, and no behavioural fingerprinting at this time. The only personal data processed:
- Server logs (transient). When you visit the site, the hosting platform (Railway, EU region) records standard request metadata: IP address, user-agent string, requested path, response status, timestamp. Retention: ≤ 30 days.
- Email contact. If you contact us via the mailto links on the site, your email address and message contents are stored in our mailbox at IONOS (EU-hosted) for as long as the operational conversation requires.
- Lead-magnet form data. If you request a teardown, we process your email address, form source, campaign parameters, page path, timestamp, and delivery status so we can send the requested material and related follow-up emails. You can ask to be removed at any time.
fonts and assets · schriften und assets · fuentes y recursos
All fonts, images, and scripts are self-hosted on caelithlabs.com. No requests are made to Google Fonts, Adobe Fonts, gstatic.com, or any other third-party CDN from the site itself. A single static asset — the link preview image on the parent brand "caelith family" footer — points to caelith.tech, which has its own privacy policy.
legal basis · rechtsgrundlage · base jurídica
- Server logs: legitimate interest in operating, securing, and debugging the site (Art. 6(1)(f) GDPR).
- Email correspondence: pre-contractual / contractual measures or legitimate interest, depending on the conversation (Art. 6(1)(b) or (f) GDPR).
- Lead-magnet delivery and follow-up: consent when you submit the form (Art. 6(1)(a) GDPR), plus legitimate interest in preventing abuse and keeping delivery records (Art. 6(1)(f) GDPR).
website processors · auftragsverarbeiter · encargados (visitor data)
No data is shared with advertising networks, social-media trackers, or analytics providers.
engagement sub-processors · auftragsverarbeiter im rahmen von engagements · subencargados durante contratos
For paid engagements (operations sprint · automation expansion · agent build), Caelith Labs acts as a processor for the client. The following sub-processors may be engaged depending on engagement scope. The full sub-processor list per engagement is enumerated in the engagement-specific DPA (Art. 28 GDPR), template at /artefacts/dpa-template.html.
- Anthropic, PBC — Claude API (agent build engagements; LLM provider for production agents). USA, EU–US Data Privacy Framework certified. No model training on API inputs (Anthropic default). Anthropic privacy.
- Attio Ltd. — CRM (operations sprint). EU-hosted. Attio privacy.
- Calendly LLC — booking metadata (operations sprint). USA, SCCs. Calendly privacy.
- Notion Labs, Inc. — project tracking. USA, SCCs. Notion privacy.
- n8n GmbH — workflow automation (automation expansion). EU-hosted. n8n privacy.
- Per-engagement vendor APIs (e.g., DATEV, Holded, Idealista, BiPRO, WhatsApp Business) — listed explicitly in the engagement-specific DPA before processing begins.
Visitors to caelithlabs.com are NOT processed by any of the engagement sub-processors above. They appear in this notice for full transparency about the studio's data-processing posture during paid engagements.
international transfers · datenübermittlung · transferencias internacionales
Hosting and database storage for the website are operated in the EU region. Some processors named above, including email-delivery, social-automation, and source-code providers, may process data in the United States under their published transfer safeguards, DPAs, SCCs, or applicable data-transfer frameworks. Lead-magnet email or social-DM data may be transferred to those processors when you request the material.
cookies · cookies · cookies
Caelith Labs uses zero cookies on this site. No first-party, no third-party, no analytics cookies, no consent banner. Should this ever change (e.g. if Plausible Analytics or similar is added), a consent layer compliant with the ePrivacy Directive and TTDSG will be deployed and this section updated.
your rights · ihre rechte · sus derechos
Under the GDPR you have the right to:
- Access the data we hold about you (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure / "right to be forgotten" (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time, where processing is based on consent (Art. 7(3))
To exercise any of these, write to julian@caelithlabs.com. We respond within 30 days.
complaint authority · beschwerdebehörde · autoridad de control
You have the right to lodge a complaint with the supervisory authority of your jurisdiction:
changes to this policy · änderungen · cambios
Material changes will be reflected in the "last updated" date above. The site is small and the policy is stable; substantive updates are rare.
impressum · legal notice · aviso legal
Full operator and contact information: /impressum.