Privacy Policy

Last updated: 2026-03-01
Applies to: https://mainstream-outside.com

1. Who we are (Controller)

Mainstream Outside (“we”, “us”, “our”) operates the website https://mainstream-outside.com (the “Site”).
Controller under the EU GDPR:

Mainstream Outside (Owner: Alex Nitschke)
Address: Weißkreuzäcker 19, 83339 Chieming, Germany
Email: contact/at/mainstream-outside.com

2. What we do NOT do

  • We do not sell personal data and we do not run “shadow profiles” of our visitors.
  • We do not embed social media tracking pixels. Outbound links are rel="nofollow".
  • Articles are human-written; tools may be used for layout/graphics assistance only.
  • We keep tracking to a minimum. However, this Site displays advertising via Google AdSense, and advertising-related cookies/identifiers and third-party processing may occur depending on your consent choices (see section 3E).

3. What we collect

A) Server logs (legitimate interests, Art. 6(1)(f) GDPR)
When you access the Site, our hosting environment routinely processes:

  • IP address, date/time, request URL, referrer, user-agent, response status.

We use logs to ensure security, diagnose issues and prevent abuse. Logs are retained short-term and deleted or anonymised unless needed for incident investigation.

B) Comments (Grav “Comments Pro”) (consent, Art. 6(1)(a); legitimate interests, Art. 6(1)(f) GDPR)
You can post comments as a guest (no login required). If you optionally use Grav login, we process your account data for authentication.

Data processed: name/pseudonym, email address, comment text, (optional) website URL, IP address and user-agent (anti-abuse). Comments are stored server-side within our Grav installation.

Anti-spam & security settings currently enabled (no third-party providers):

  • CSRF protection and form-timing validation (min 3 s, max 3600 s).
  • Honeypot field (website_url).
  • Spam scoring with thresholds: score ≥ 50 → flagged for review; score ≥ 75 → auto-delete. Weights (excerpt): honeypot filled = 100; too-fast submission = 20; per extra link = 10; max links allowed = 2.
  • Rate limiting: max 10 requests per 5 minutes; further attempts are temporarily blocked for 10 minutes.
  • IP tracking for abuse prevention and enforcement of house rules; manual IP blocklist may be used for repeated or severe violations.
  • Moderation: currently set to published immediately, but comments may be retrospectively moderated/removed if unlawful or against our rules.
  • Cookies: no tracking cookies. The “remember my details” convenience cookie is disabled. (Note: this refers to the comments feature itself; see section 3E for advertising-related technologies.)

Legal bases & purposes: processing is based on your consent (submission of a comment) and on our legitimate interests in securing the service, preventing spam/abuse, upholding civil discourse and enforcing our Terms (incl. bans), as well as defending legal claims.

Retention: published comments (incl. IP and user-agent) are kept for as long as they remain public or until deletion is requested where legally required. Transient rate-limit and spam-filter data are kept only short-term (typically up to the configured timeout of 10 minutes). IP blocklist entries may be retained until they are no longer necessary for protecting the service and community.

Third-party services: none are active for comments at this time. If we later enable external anti-spam/CAPTCHA services, their provider policies will apply; this Privacy Policy will be updated accordingly.

C) Contacting us (Art. 6(1)(b) / (f) GDPR)
If you email us, we process your message for handling and archiving. We keep necessary correspondence in line with statutory retention periods and our legitimate interests (documentation, defence of claims).

D) Analytics (Plausible Analytics) (legitimate interests, Art. 6(1)(f) GDPR)
We use Plausible Analytics to understand overall Site usage (e.g., which pages are read most) and to improve content and performance. Plausible is a privacy-friendly analytics service designed to work without tracking cookies and without creating user profiles.

Data processed may include: page URL, referrer, browser and operating system (in aggregated form), device type, and an approximate location derived from the IP address. IP addresses are not stored by us for analytics purposes and are processed only transiently as required for basic geolocation and fraud prevention by the analytics provider.

Purpose: measuring audience size and content performance, improving the Site, and keeping statistics free from noise (e.g., excluding our own visits).

You can generally prevent analytics data from being transmitted by using browser settings or content blockers. Since Plausible does not rely on tracking cookies, no separate analytics consent banner is required for this analytics setup in many jurisdictions; where local law requires it, we will comply.

Provider: Plausible Insights OÜ (EU). Further information: Plausible Data Policy

E) Advertising (Google AdSense) (consent, Art. 6(1)(a) GDPR; and where applicable legitimate interests, Art. 6(1)(f) GDPR)
This Site uses Google AdSense to display advertising. When AdSense is active, Google and its partners may process data to deliver ads, measure performance, limit ad frequency, and help prevent fraud/abuse.

Depending on your region, your consent settings, and the type of ads served, this may involve the use of cookies and similar technologies (e.g., local storage, device identifiers) and the processing of information such as:

  • IP address (often truncated/anonymised depending on configuration), approximate location (derived from IP), device information (user-agent, browser, OS), and interaction data (e.g., ad impressions/clicks).
  • Unique identifiers stored in cookies/local storage where permitted and consented to.

Consent and choices:
Where required by law, we request your consent before storing or accessing non-essential cookies/identifiers and before processing personal data for personalised advertising and measurement. You can change or withdraw your consent at any time via the consent settings on the Site (if available) or via your browser settings.

Recipient / provider:
Google Ireland Limited (for users in the EEA/UK/Switzerland) and/or Google LLC and its affiliates may receive and process data for advertising purposes. Google may act as an independent controller for certain processing operations. For details, please see:

4. Processors, hosting, transfers

We use standard hosting infrastructure to operate the Site. If we engage processors, they are bound by Art. 28 GDPR agreements. Data is processed in the EU/EEA wherever possible.

Where third-party services are used (e.g., advertising via Google AdSense), data may be processed in countries outside the EU/EEA. In such cases, transfers occur only with appropriate safeguards (Art. 44 ff. GDPR), such as adequacy decisions or standard contractual clauses, as applicable.

5. Retention

  • Server logs: short operational retention; deletion/anonymisation afterwards.
  • Comments: for as long as they remain published; removal on justified request.
  • Emails: retained as required by law and for legitimate interests.
  • Advertising: retention of advertising-related cookies/identifiers is determined by the advertising provider and your consent settings. See the provider links in section 3E.

6. Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing on grounds relating to your particular situation. Where processing is based on consent, you may withdraw it at any time with effect for the future. You may lodge a complaint with a supervisory authority, in particular in your Member State of residence, place of work or place of the alleged infringement.

7. Security

We implement appropriate technical and organisational measures to protect personal data (integrity and confidentiality).

8. Children

This Site is not directed to children under 16. We do not knowingly collect data from children under 16.

9. Changes

We may update this Policy. The current version is available on this page.

10. Contact

See section 1.