§ Privacy notice

Privacy notice

How Stratt Labs handles the limited personal data it processes — under Regulation (EU) 2016/679 (GDPR) Article 13.

Effective: 2026-05-23 · Last reviewed: 2026-06-09

01Controller

The data controller responsible for the processing described in this notice is:

Tibor Bödecs, e.U.
[Registered business address — to be inserted from FB-Auszug]
Vienna, Austria
Email: hey@strattlabs.com
Firmenbuch (FN): [FN-number — to be inserted]
UID: [ATU-number — to be inserted if registered]

02What we process, and why

Stratt Labs is a small engineering practice. We do not run consumer products on this site, we do not embed third-party analytics, and we do not place advertising cookies. The personal data we process is the minimum required to operate the practice:

Contact correspondence — name, email address, and the content of any message you send us. Purpose: replying to your enquiry and, if you become a client, performing the engagement. Lawful basis: Art. 6(1)(b) GDPR and Art. 6(1)(f).
Engagement records — for active clients only: contract data, billing data, project artefacts, and audit-relevant communication. Lawful basis: Art. 6(1)(b) and Art. 6(1)(c), including Austrian commercial and tax-law obligations such as § 132 BAO.
Web-server access logs — IP address, timestamp, requested URL, user-agent, referrer. Purpose: operating and securing the site, diagnosing faults, mitigating abuse. Lawful basis: Art. 6(1)(f). Retained for a maximum of 14 days, then deleted.

We do not use Google Analytics, Google Fonts, Meta Pixel, or comparable third-party trackers. Fonts are self-hosted from our own infrastructure.

03Recipients and processors

Personal data is processed by:

Stratt Labs (the controller) — internal access on a need-to-know basis.
Hosting: Cloudflare Pages and Workers runtime, with EU data-localization controls to be enabled before launch and covered by a Data Processing Agreement.
Email: mailbox operated under a DPA with our email provider; correspondence remains EU-region.
Bookkeeping: external accountant, contractually bound under § 109 BAO confidentiality and a written DPA.

We do not intentionally transfer personal data outside the EU/EEA. If that ever changes, this notice will be updated and the transfer mechanism, such as Standard Contractual Clauses under Art. 46 GDPR, will be named.

04Retention

Enquiry correspondence: up to 12 months after the last reply, unless the conversation results in an engagement.
Engagement records: 7 years after the end of the engagement (§ 132 BAO, Austrian tax-record retention).
Server access logs: 14 days maximum, then deleted.
Backups: rolling, encrypted, EU-region only; deleted on the same cadence as the underlying data plus a short overlap window.

05Your rights

Under Articles 15–22 GDPR, you have the right to access, rectification, erasure, restriction, portability, objection, and withdrawal where processing relies on consent. To exercise any of these rights, email hey@strattlabs.com. We will respond within one month under Art. 12(3) GDPR.

06Complaints

You have the right to lodge a complaint with a supervisory authority. The competent authority for Stratt Labs is the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Austria
www.dsb.gv.at · dsb@dsb.gv.at

07Cookies

This site does not set tracking, analytics, or advertising cookies. A small number of strictly-necessary technical cookies may be used to maintain a session if you sign in to a client area, none required for the public site. No consent banner is shown because no consent-requiring processing takes place.

08Changes to this notice

Material changes are dated above. We do not silently rewrite history — older versions are kept on request.

A note on draft status. The Firmenbuch (FN) number, UID, and registered address fields are placeholders pending a final review of Tibor Bödecs e.U. registration details before public launch. They will be filled in before the site goes live.