Privacy Policy

Last updated: 2026-05-14
Applies to: https://mainstream-outside.com

1. Who we are (Controller)

Mainstream Outside (“we”, “us”, “our”) operates the website https://mainstream-outside.com (the “Site”).
Controller under the EU GDPR:

Mainstream Outside (Owner: Alex Nitschke)
Address: c/o Autorenglück #50728, Albert-Einstein-Str. 47, 02977 Hoyerswerda, Germany
Email: contact/at/mainstream-outside.com

2. What we do NOT do

  • We do not sell personal data and we do not run “shadow profiles” of our visitors.
  • We do not embed social media tracking pixels. Outbound links are rel="nofollow".
  • Articles are human-written; tools may be used for layout/graphics assistance only.
  • We keep tracking to a minimum. However, this Site displays advertising via Google AdSense, and advertising-related cookies/identifiers and third-party processing may occur depending on your consent choices (see section 3E).

3. What we collect

A) Server logs (legitimate interests, Art. 6(1)(f) GDPR)
When you access the Site, our hosting environment routinely processes:

  • IP address, date/time, request URL, referrer, user-agent, response status.

We use logs to ensure security, diagnose issues and prevent abuse. Logs are retained short-term and deleted or anonymised unless needed for incident investigation.

B) Comments (Grav “Comments Pro”) (consent, Art. 6(1)(a); legitimate interests, Art. 6(1)(f) GDPR)
You can post comments as a guest (no login required). If you optionally use Grav login, we process your account data for authentication.

Data processed: name/pseudonym, email address, comment text, (optional) website URL, IP address and user-agent (anti-abuse). Comments are stored server-side within our Grav installation.

Anti-spam & security settings currently enabled (no third-party providers):

  • CSRF protection and form-timing validation (min 3 s, max 3600 s).
  • Honeypot field (website_url).
  • Spam scoring with thresholds: score ≥ 50 → flagged for review; score ≥ 75 → auto-delete.
  • Spam-score weights (excerpt): honeypot filled = 100; too-fast submission = 20; per extra link = 10; max links allowed = 2.
  • Rate limiting: max 10 requests per 5 minutes; further attempts are temporarily blocked for 10 minutes.
  • IP tracking for abuse prevention and enforcement of house rules; manual IP blocklist may be used for repeated or severe violations.
  • Moderation: currently set to published immediately, but comments may be retrospectively moderated/removed if unlawful or against our rules.
  • Cookies: no tracking cookies. The “remember my details” convenience cookie is disabled. (Note: this refers to the comments feature itself; see section 3E for advertising-related technologies.)

Legal bases & purposes: processing is based on your consent (submission of a comment) and on our legitimate interests in securing the service, preventing spam/abuse, upholding civil discourse and enforcing our Terms (incl. bans), as well as defending legal claims.

Retention: published comments (incl. IP and user-agent) are kept for as long as they remain public or until deletion is requested where legally required. Transient rate-limit and spam-filter data are kept only short-term (typically up to the configured timeout of 10 minutes). IP blocklist entries may be retained until they are no longer necessary for protecting the service and community.

Third-party services: none are active for comments at this time. If we later enable external anti-spam/CAPTCHA services, their provider policies will apply; this Privacy Policy will be updated accordingly.

C) Contacting us (Art. 6(1)(b) / (f) GDPR)
If you email us, we process your message for handling and archiving. We keep necessary correspondence in line with statutory retention periods and our legitimate interests (documentation, defence of claims).

D) Embedded media / rich embeds (Embedly) (Art. 6(1)(f) GDPR; where applicable Art. 6(1)(a) GDPR)
Some pages may load third-party embed functionality to display or enhance embedded external content. Where this happens, technical data such as your IP address, browser information, referrer URL, device-related data, and information about the requested page may be transmitted to the provider in order to deliver the embedded content or related functionality.

Purpose: providing embedded content and improving presentation/usability where such embeds are used.

Provider: Embedly, Inc. / related service infrastructure.

If this functionality is removed, replaced, or materially changed, this Privacy Policy will be updated accordingly.

E) Advertising (Google AdSense) (consent, Art. 6(1)(a) GDPR; and where applicable legitimate interests, Art. 6(1)(f) GDPR)
This Site uses Google AdSense to display advertising. When AdSense is active, Google and its partners may process data to deliver ads, measure performance, limit ad frequency, and help prevent fraud/abuse.

Depending on your region, your consent settings, and the type of ads served, this may involve the use of cookies and similar technologies (e.g., local storage, device identifiers) and the processing of information such as:

  • IP address (often truncated/anonymised depending on configuration), approximate location (derived from IP), device information (user-agent, browser, OS), and interaction data (e.g., ad impressions/clicks).
  • Unique identifiers stored in cookies/local storage where permitted and consented to.

Consent and choices:
Where required by law, we request your consent before storing or accessing non-essential cookies/identifiers and before processing personal data for personalised advertising and measurement. You can change or withdraw your consent at any time via the consent settings on the Site (if available) or via your browser settings.

Recipient / provider:
Google Ireland Limited (for users in the EEA/UK/Switzerland) and/or Google LLC and its affiliates may receive and process data for advertising purposes. Google may act as an independent controller for certain processing operations. For details, please see:

4. Processors, hosting, transfers

We use standard hosting infrastructure to operate the Site. If we engage processors, they are bound by Art. 28 GDPR agreements. Data is processed in the EU/EEA wherever possible.

Where third-party services are used (e.g., advertising via Google AdSense), data may be processed in countries outside the EU/EEA. In such cases, transfers occur only with appropriate safeguards (Art. 44 ff. GDPR), such as adequacy decisions or standard contractual clauses, as applicable.

5. Retention

  • Server logs: short operational retention; deletion/anonymisation afterwards.
  • Comments: for as long as they remain published; removal on justified request.
  • Emails: retained as required by law and for legitimate interests.
  • Advertising: retention of advertising-related cookies/identifiers is determined by the advertising provider and your consent settings. See the provider links in section 3E.

6. Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing on grounds relating to your particular situation. Where processing is based on consent, you may withdraw it at any time with effect for the future. You may lodge a complaint with a supervisory authority, in particular in your Member State of residence, place of work or place of the alleged infringement.

7. Security

We implement appropriate technical and organisational measures to protect personal data (integrity and confidentiality).

8. Children

This Site is not directed to children under 16. We do not knowingly collect data from children under 16.

9. Changes

We may update this Policy. The current version is available on this page.

10. Contact

See section 1.