Privacy.

Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR). Plain language. No dark patterns. The minimum data needed to do the work.

VERSION2026.04 EFFECTIVE2026-04-01 DATA REGIONEU

01Data controller

The controller within the meaning of Art. 4(7) GDPR is:

CONTROLLERDaniel Scheiber
Mitterweg 56a
6020 Innsbruck, Austria

EMAILprivacy@nullfield.ai

DPONot required by law. Privacy queries handled by the founder directly.

02Scope

This notice applies to the website nullfield.ai and to communications you initiate with us by email or through the contact form. Project-specific processing is governed by the data processing agreement (DPA) signed before any engagement begins.

03Data we process

We process the minimum data needed to respond to your enquiry and run a project safely.

From contact form / email

Name, email address, company / project name (if provided)
Project type, budget range, timing (selected by you)
The free-text description you send

From visiting the site

Server access logs: IP address (truncated after 24h), user agent, requested URL, timestamp
Language preference (stored in localStorage on your device, never sent to us)

No tracking pixels. No third-party analytics. No advertising cookies.

04Legal basis

Art. 6(1)(b) GDPR — pre-contractual measures and contract performance, for any communication you initiate to discuss or run an engagement.
Art. 6(1)(f) GDPR — legitimate interest in operating, securing, and analysing the technical performance of the website (server logs).
Art. 6(1)(c) GDPR — compliance with Austrian retention obligations under § 132 BAO and § 212 UGB for invoicing data (7 years).

05Sub-processors

We use a small number of carefully selected processors. Sub-processor relationships are covered by provider terms and standard contractual clauses where applicable. Data residency in the EU wherever feasible.

HOSTINGNetlify (Website) · Hetzner FSN1 (Tools, DE)

EMAILHostinger · EU

CDN / DNSNetlify (CDN) · Hostinger (DNS)

For client engagements, all sub-processors are listed in the engagement-specific DPA before any data is shared.

06Retention

Server logs: 24 hours (full IP), then 7 days truncated for security analysis
Email enquiries that do not lead to a project: 12 months, then deleted
Project records (invoices, contracts): 7 years as required by AT tax law
Project data (code, credentials, exports): governed by the engagement DPA, deleted on handover unless retention is contractually agreed

07Your rights

Under the GDPR you have the right to:

Access (Art. 15) — confirmation of whether we process your data, and a copy
Rectification (Art. 16) — correction of inaccurate data
Erasure (Art. 17) — deletion where the legal basis no longer applies
Restriction (Art. 18) — limit processing while a query is resolved
Portability (Art. 20) — receive your data in a machine-readable format
Objection (Art. 21) — object to processing based on legitimate interest
Complaint (Art. 77) — to the Austrian Data Protection Authority (Datenschutzbehörde, www.dsb.gv.at)

To exercise any right, write to privacy@nullfield.ai. We respond within one month.

08Cookies and local storage

This site sets no cookies. We use a single localStorage entry — nf.lang — to remember your language preference between visits. It is stored on your device, never transmitted, and can be cleared via your browser at any time.

No analytics, no advertising, no fingerprinting. The site works fully without JavaScript except for the language switcher.

09Contact

Privacy queries: privacy@nullfield.ai. General contact via the contact page.