Felix Rascher

Imprint & Privacy

Last updated: May 2026

Welcome. This document explains who runs this site and exactly how your data is handled. No legal jargon, no hidden clauses—just complete transparency about what I do and don’t collect.

1. The Operator (Imprint)

This is a purely personal web project, operated by me without commercial intent.

Felix Rascher
Favoritenstraße 70/16
1040 Vienna, Austria
Email: contact@rascher.online

2. The “No Tracking” Promise

Most of the web tracks you. This site does not.

  • Zero Cookies: I don’t ask for cookie consent because I don’t use cookies.
  • Zero Tracking: I use no analytics, no device fingerprinting, and no invisible tracking pixels.
  • Clean Assets: All fonts, images, and scripts are hosted directly with the site. Your browser isn’t secretly pinging Google, Meta, or advertising networks when you load this page.

3. My Tech Stack & Infrastructure

To keep this website fast, secure, and online, I rely on a few professional services. When you visit this site, your connection involves the following providers. They process network data (like your IP address) temporarily for security and delivery, but they do not use it to profile you.

Service Provider Purpose Location / Framework
DNS Cloudflare, Inc. Authoritative DNS for the domain. HTTP traffic is not proxied through Cloudflare; it goes directly to Fly. Global (DPF Compliant)
App & Database Fly.io Hosts the actual website and my SQLite database. Frankfurt, DE
Email Dispatch Resend, Inc. Delivers newsletter and confirmation emails. USA (DPF Compliant)
Code & Deploy GitHub Version control for my code (processes no visitor data). Internal

4. Newsletter Subscriptions

If you choose to hear from me, I only collect what is strictly necessary to get the email to your inbox and address you personally.

What I store in my SQLite Database

  • Your first name, last name, and email address. (Note: I value genuine connections and reserve the right to exclude or remove subscriptions using obvious fantasy or fake names.)
  • A temporary 6-digit confirmation code (cryptographically hashed, expires in 24 hours).
  • An opaque unsubscribe token for one-click removal.
  • Timestamps for subscription lifecycle events (when you subscribed, confirmed, or left).

Retention

Retention is enforced in code, not just promised in text. A scheduled job inside the application clears expired confirmation-code hashes within an hour of expiry, deletes pending sign-ups that were never confirmed within seven days, and deletes unsubscribed records ninety days after you left. Confirmed subscribers are kept until they unsubscribe or until I shut the newsletter down.

How you leave

Leaving should be as easy as joining. Every newsletter includes a one-click unsubscribe link (RFC 8058) and native List-Unsubscribe headers. This means your mail app (like Gmail or Apple Mail) can show its own built-in “Unsubscribe” button. One click, and you’re out. Unsubscribed records are kept for ninety days only to ensure I respect your opt-out in future mailings, then they are deleted automatically.

What if you want to leave before the first newsletter arrives?

I do not send newsletters on a strict schedule. It might happen that you register and it takes several months (or even half a year) before I send out the next issue. If you change your mind before you receive an email containing the unsubscribe link, simply drop me a message at contact@rascher.online. I read every single email personally. I will manually remove your data from the database and send you a quick confirmation that your request has been processed.

5. Security & Logs

To keep this server secure and defend against abuse, I maintain application logs. However, your email address is never written into these logs.

Instead of your email, my system generates a 12-character correlation tag using a keyed cryptographic hash (HMAC-SHA256). This allows me to debug system errors without ever exposing your identity.

6. Your Rights

Under the GDPR, you are in control of your data. You have the right to:

  1. Access & Portability: Request a copy of the data I hold about you.
  2. Correction: Ask me to update wrong information.
  3. Erasure (Right to be Forgotten): Request the permanent deletion of your data.
  4. Complaint: Lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).

To exercise any of these rights, simply email me at contact@rascher.online.

7. Appendix: For the Technically Curious

If you are a developer or just interested in lean software architecture, here is a quick overview of how this site is built. The guiding principle is zero-bloat and maximum privacy.

  • Zero-Framework Frontend: There is no Node.js, no npm, no Webpack, and no React. The frontend is built with pure Vanilla ES Modules (~550 lines of code) and standard CSS with custom properties (~940 lines). Fonts (Söhne and Azeret Mono) are self-hosted.
  • Pure Go Backend: The server is written in Go 1.25.0, relying almost entirely on the standard library (including net/http ServeMux and html/template). It compiles down to a single static binary of about 12 MB.
  • One Single Dependency: The backend has exactly one direct dependency: modernc.org/sqlite (a pure-Go SQLite driver). No heavy ORMs, no CGO.
  • Security by Default: The app enforces strict HTTP headers (CSP 'self'-only, HSTS, no-sniff) and uses Go 1.25’s http.NewCrossOriginProtection. Rate-limiting (token bucket) and HMAC-SHA256 hashing for logs are custom-built into the Go server.
  • Tiny Footprint: The entire platform—backend, database migrations, email dispatch logic, HTML templates, and frontend styling—fits into fewer than 5,000 lines of code. It runs in a Distroless container on Fly.io (Frankfurt).