Last updated: 21 March 2026
Privacy Policy
This privacy policy explains how Felix Schmidt collects, processes, and protects personal data when you visit felixschmidt.software. It applies in accordance with the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).
1. Controller
Felix Schmidt, Bachmattstrasse 3, 6452 Sisikon, Switzerland. Contact: hey@felixschmidt.software
2. Hosting
This website is hosted by the following third-party providers:
Frontend — Vercel Inc.
Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When you visit this website, Vercel automatically collects and logs technical data including your IP address, browser type, and pages accessed. This processing is necessary for the operation of the website (Art. 6(1)(f) GDPR). Data may be transferred to the USA under the EU-US Data Privacy Framework. More information: vercel.com/legal/privacy-policy
Backend — Railway Corp.
Railway Corp., San Francisco, CA, USA. The backend API (used exclusively for the contact form) is hosted on Railway. When you submit the contact form, your request is processed via Railway's infrastructure. Data may be transferred to the USA under standard contractual clauses. More information: railway.app/legal/privacy
Database — Supabase Inc.
Supabase Inc., 970 Toa Payoh North, Singapore. This website uses Supabase as its database provider for public blog content. Your browser establishes a direct connection to Supabase servers when loading blog content. In the process, technical data including your IP address is processed. This processing is necessary for the operation of the website (Art. 6(1)(f) GDPR). Data may be transferred internationally under standard contractual clauses. More information: supabase.com/privacy
3. Contact Form
When you submit the contact form, I collect your name, email address, and message, as well as optionally your company and the type of service you are interested in. This data is transmitted to me by email and is not stored in a database. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). I retain contact emails for as long as necessary to process your inquiry.
4. Google Mail (Email Receipt)
Incoming contact requests are received via Google Mail (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google processes message content as a data processor within the meaning of Art. 28 GDPR. A data processing agreement is in place with Google. Data may be transferred to the USA under the EU-US Data Privacy Framework. More information: policies.google.com/privacy
5. Google reCAPTCHA
The contact form uses Google reCAPTCHA v3 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to prevent automated abuse. The reCAPTCHA script is loaded only after your explicit consent. reCAPTCHA collects hardware and software information (e.g. device and application data) and sends it to Google for analysis. The legal basis is Art. 6(1)(a) GDPR (consent). Data may be transferred to the USA under the EU-US Data Privacy Framework. You may withdraw your consent at any time with future effect by resetting your cookie preference on this website (delete the "fss:consent" entry in your browser's local storage). Google's privacy policy: policies.google.com/privacy
6. Calendly
The contact page offers a scheduling widget provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA. The widget is loaded only after your explicit consent. When using the widget, Calendly collects your name, email address, and scheduling preferences, as well as technical data such as your IP address. Calendly acts as an independent controller under its own privacy policy, available at calendly.com/privacy. Data may be transferred to the USA under standard contractual clauses. You may withdraw your consent at any time (see section 7). Alternatively, you may contact me directly by email.
7. Local Storage & Cookies
This website stores the following data exclusively in your browser's local storage (never transmitted to any server): your theme preference (light or dark mode) and your cookie consent choice (key "fss:consent", value "accepted" or "rejected"). This website itself does not set any tracking or analytics cookies. Third-party services such as Google reCAPTCHA (section 5) and Calendly (section 6) are loaded only after your consent and may then set their own cookies, which are governed by the respective providers' privacy policies. You may withdraw your consent at any time by deleting the "fss:consent" entry under local storage in your browser's developer tools or settings. You can also manage or delete cookies at any time via your browser settings.
8. Automated Decision-Making
This website does not use automated decision-making or profiling within the meaning of Art. 22 GDPR. No decisions producing legal or similarly significant effects are made about you solely on the basis of automated processing.
9. Your Rights
Under the GDPR and the Swiss nFADP, you have the following rights:
- Right of access (Art. 15 GDPR / Art. 25 nFADP)
- Right to rectification (Art. 16 GDPR / Art. 32 nFADP)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
To exercise any of these rights, please contact me at hey@felixschmidt.software. You also have the right to lodge a complaint with a supervisory authority. For individuals in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch. Individuals in the EU may contact the supervisory authority in their member state of residence.
10. Changes
I may update this privacy policy from time to time. The date at the top of this page indicates when it was last revised.