Last Updated: October 2025
1. Our Commitment to Your Privacy
Your privacy is the foundation of my business. This website is designed to be a secure environment where you can engage with my work without being tracked, monetized, or exploited. This policy outlines my commitment to minimal data collection and maximum transparency.
2. Data Controller
The person responsible for data processing on this website (the “data controller”) is:
Markus Winkler, MBA MSc MSc, Karres 70/2, 6462 Karres, Austria. Email: [email protected]
3. What Information I Collect and Why
I am committed to collecting only the data that is absolutely necessary to operate this website and provide my services.
- When You Visit the Website (Privacy-First Analytics): I use Cloudflare Web Analytics to understand how my website is performing. This service is designed for privacy: it does not use cookies or track you across other websites.
- When You Contact Me or Complete an Inquiry Form: Using the WPForms Lite plugin, I provide forms to collect your name, email address, and message, and in some cases, business details like your company name. This information is used solely to respond to your inquiry and assess if my services are a good fit.
- When You Book a Call or Make a Purchase: To schedule appointments and process payments, I use Book Like A Boss, which integrates with payment processors like Stripe and PayPal. When you book a call, these services will collect necessary information such as your name, email address, phone number, and payment details to complete the transaction.
4. Our Cookie Policy
My main website, markuswinkler.me, is designed to be cookie-free. I do not use tracking or marketing cookies. The only exception is on my dedicated booking page, which is powered by Book Like A Boss. Both Book Like A Boss and our payment processors (Stripe, PayPal) use essential cookies and browser storage on this page to ensure functionality and security and to process your booking and payment correctly. I self-host all fonts and do not use services like Google Fonts.
5. Data Processing and Third-Party Services
I work with a few trusted third parties to provide my services. I have chosen them for their commitment to security and privacy.
- Website Hosting: This website is hosted by WPX.net on servers located in the United Kingdom.
- Performance & Security: I use Cloudflare for security (firewall) and performance (CDN).
- Website Security: I use Patchstack Security, an EU-based company (Estonia), which, according to its terms, does not collect personal data from visitors.
- Backups & Security Scanning: I use the BlogVault / MalCare plugin. The BlogVault service stores encrypted backups on secure servers in Germany. The MalCare service helps protect the site from malware and may process visitor IP addresses.
- The Proton Ecosystem (Mail, Drive, Meet, VPN): My core business infrastructure for communication, file storage, and client meetings is built on Proton’s end-to-end encrypted ecosystem.
- Email Marketing Platform: My company uses Kit.com (ConvertKit) as its central platform for all newsletter and email marketing communications. All subscribers have explicitly consented to receive these communications and can unsubscribe at any time.
- Transactional Email: Website-generated emails (like form notifications) are sent via Brevo (formerly Sendinblue), an EU-based company.
- Booking & Scheduling: I use Book Like A Boss to manage client appointments.
- Payment Processing: I use Stripe and PayPal for secure payment processing.
- Invoicing & Bookkeeping: I use Fiskl to create invoices and manage accounting.
- CRM / Note-Taking: For internal contact and project management, I may use Standard Notes, an end-to-end encrypted application.
- Project & Process Management: For managing client projects and internal workflows, I may use Process Street.
- Noise Cancellation & Transcription: I use Krisp.ai to ensure clear audio. For real-time noise cancellation, the application processes audio locally on my device. For services that involve recording or transcription, data may be processed on Krisp’s secure cloud servers. I will never record a call or process your media on Krisp’s cloud services without your explicit prior consent.
- Script Delivery: This site may load necessary functional scripts from unpkg.com.
International Data Transfers: My service providers are located in various jurisdictions. Data processing occurs in:
- The European Union (EU): Patchstack (Estonia), Brevo (France), and MalCare/BlogVault servers (Germany).
- Countries with an Adequacy Decision: The Proton ecosystem (Switzerland) and my website servers via WPX.net (United Kingdom). This means data is protected to a standard equivalent to GDPR.
- Other Third Countries: Several providers (including Book Like A Boss, PayPal, Process Street, Fiskl, Cloudflare, Kit.com, Stripe, Krisp.ai, Standard Notes, and BlogVault/MalCare’s parent company) are based in or use subprocessors in countries like the United States, Canada, and India. For these services, data transfers are secured through legal mechanisms compliant with GDPR, such as Standard Contractual Clauses (SCCs).
6. My Use of Artificial Intelligence (AI)
As an AI Ghostwriter, I use AI for content creation. For public content, I use enterprise versions of AI models (e.g., getbind.co, logically.app). For any sensitive client information, I exclusively use high-privacy, encrypted AI tools within the Proton ecosystem. Client data is never processed by general-purpose, third-party AI models.
7. On-Device HTML Applications
This website may feature interactive tools that run entirely within your web browser. Any data you input into these applications is processed locally on your device and is not sent to my web servers.
8. How Long I Keep Your Information
I retain your data only as long as necessary. Contact form data is deleted after the inquiry is resolved. Consented contact data is kept until you withdraw consent. Anonymized analytics data is retained for trend analysis.
9. Our Data Security Commitment
I employ robust technical measures to protect all data, including a security-hardened Linux operating system, strong encryption, and multi-factor authentication using hardware keys (YubiKey).
10. Your Data Protection Rights under GDPR
You have the right to access, rectify, erase, restrict, or object to the processing of your data, and the right to data portability. To exercise these rights, please contact me at [email protected]. You also have the right to lodge a complaint with the Österreichische Datenschutzbehörde (Austrian Data Protection Authority).
11. Children’s Privacy
This website is not directed at children under the age of 16. I do not knowingly collect any personal data from children.
12. Changes to This Policy
I may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page will always reflect the latest version.
ABOUT THE PRIVACY POLICY
The entire contents of this Privacy Policy should be read in conjunction with our Terms of use & Disclaimer.
If you do not understand any of the contents in this Privacy Policy, or if you have any questions or comments, we invite you to contact us via our Support page.