Privacy Policy
Last updated: 15 May 2026
1. Controller
The controller responsible for data processing on this website is:
Rouven Bardtke
Margaretha-Rothe-Weg 7
22455 Hamburg
Germany
Email: [email protected]
2. What Data We Collect and Why
Account & Authentication
When you sign in, we collect your email address to create and identify your account. Sign-in is handled via magic links sent by email — we do not store passwords. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Vault Files
Files you sync through the Sidian plugin (Markdown files, images, and other attachments) are stored on our servers to power your published site. You can delete your data at any time from the dashboard. Legal basis: Art. 6(1)(b) GDPR.
Usage Analytics
We use PostHog to collect anonymised usage data (page views, feature interactions) to improve the product. Data is processed on PostHog's EU infrastructure (eu.i.posthog.com). No account-identifying information is linked to analytics events. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Billing
Paid plans are processed through Stripe. Payment data (card details) is handled exclusively by Stripe and never stored on our servers. Legal basis: Art. 6(1)(b) GDPR.
3. User-Published Content
Sidian is a hosting platform. Content published by users through the Service is their own — we do not review, moderate, or take responsibility for user-generated content. If you believe content published on Sidian infringes your rights or violates applicable law, please submit a report at sidian.app/report or email [email protected].
4. Hosting & Infrastructure
Sidian is hosted on Hetzner Online GmbH servers located in Helsinki, Finland. File storage is provided by Backblaze B2 (EU region), routed via Cloudflare under the Bandwidth Alliance (no data leaves the EU/EEA in transit). Transactional emails are sent via Resend.
5. Data Retention
Account data is retained for as long as your account is active. If you delete your account, all associated data (files, site content, account information) is permanently deleted within 30 days. Suspended sites are deleted after a 30-day grace period.
6. Your Rights
Under GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — request that we restrict processing of your data
- Objection — object to processing based on legitimate interest
To exercise any of these rights, contact us at [email protected].
7. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority for Hamburg is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 20459 Hamburg
datenschutz.hamburg.de