Privacy Policy

Last updated: June 24, 2026

This privacy policy explains how MilliPress ("we", "us", "our") collects, uses, and protects your personal data when you visit our website at millipress.com.

Data Controller

The controller responsible for data processing on this website is:

Philipp Wellmer (MilliPress)
Isartalstraße 10
80469 München
Germany
Email: hello@millipress.com

Website Analytics

We use Plausible Analytics, a privacy-friendly, cookie-free analytics service. It is loaded only after you consent via our cookie banner — if you decline, no analytics script is loaded and nothing is sent.

Data collected: Page views, referrer sources, browser type, device type, country (anonymized from IP address)

How it works: Plausible generates a daily changing identifier using your IP address and User-Agent, which is immediately anonymized through a hash function with a rotating salt. No personal data or personally identifiable information is collected.

Purpose: Understanding website traffic and improving user experience

Legal basis: Your consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). Plausible loads only after you accept analytics in our cookie banner; you can withdraw consent at any time via "Cookie settings" in the footer.

Data hosting: All data is hosted on EU servers in Germany

Data retention: Unlimited (as long as we maintain our subscription)

No cookies: Plausible does not use cookies or track personal data

Learn more: Plausible Data Policy

Checkout & Payments

Paid products (e.g. MilliCache Pro) are sold and processed by our reseller Creem acting as Merchant of Record. When you start checkout, an embedded Creem payment form is loaded on our page; the data you enter there (name, email, payment details, billing address) is collected and processed by Creem, not by us.

Provider: Armitage Labs OÜ (Creem), Telliskivi 57b/1, 10412 Tallinn, Estonia

Data processed: Name, email, payment and billing details, purchase and licence data

Purpose: Processing your purchase, payment, invoicing and tax, and fulfilling your licence

Roles: For the sale itself Creem is an independent controller (it is the seller). For licence and customer data passed back to us (e.g. via webhooks) Creem acts as our processor under a data processing agreement.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and our legitimate interest in fulfilling and supporting licences (Art. 6(1)(f) GDPR)

Note: The embedded payment form is loaded only when you actively start checkout — not on page load.

Learn more: Creem Privacy Policy

Contact Forms & Newsletter

When you submit a form on our website (e.g., newsletter signup, contact form), we collect:

  • Email address (required)
  • Name (if provided)
  • Any additional information you voluntarily provide in the form
  • IP address and submission timestamp (for spam protection)

Purpose: Processing your inquiry or newsletter subscription

Legal basis: Consent for the newsletter (Art. 6(1)(a) GDPR); for contact enquiries, pre-contractual steps / our legitimate interest in responding (Art. 6(1)(b)/(f) GDPR)

Storage: Form submissions are stored in our WordPress database

Data retention: We retain form submissions until you request deletion or unsubscribe from the newsletter. You can request deletion at any time by emailing hello@millipress.com

Spam Protection

We protect our forms from automated spam using self-hosted methods only. No third-party spam-protection services are involved and no form data is transferred outside our infrastructure for this purpose.

Honeypot field: A hidden form field invisible to humans. Submissions that fill it in are silently discarded as bot traffic.

Double opt-in verification: Newsletter signups are only activated after you click the confirmation link sent to your email address.

Server-side rate limiting: Repeated verification attempts from the same IP address are throttled to prevent abuse.

Data processed: Only data already disclosed in the "Contact Forms & Newsletter" section above.

Cookies: None

Third-party transfers: None

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — preventing spam and abuse

Hosting & Server Logs

Our website is hosted on servers that automatically collect technical information:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL (the page you came from)
  • Date and time of access
  • Requested pages and files

Purpose: Security, abuse prevention, and system stability

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

Data retention: Server logs are automatically rotated daily and deleted after 52 days

Hosting provider: Hetzner Online GmbH, Germany (managed via Ploi)

Email Delivery

All emails sent from our website (such as newsletter verification links and form-submission notifications) are delivered through Migadu, a Swiss email service provider.

Data processed: Recipient email address, sender address, subject and message content, and delivery metadata (timestamps, message identifiers, server logs)

Purpose: Delivering verification emails, form notifications, and other transactional messages you have asked us to send

Service provider: Migadu-Mail GmbH, Rohnen 587, CH-9414 Schachen, Switzerland

Data location: Migadu operates multiple data centers; the specific geographic locations are not publicly disclosed by the provider

Security: Per Migadu's privacy policy, "All our data is 100% encrypted at rest and in motion"

Compliance: Migadu states its processing complies with the EU GDPR and the Swiss Federal Data Protection Act. Transfers to Switzerland are covered by the EU Commission's adequacy decision for Switzerland.

Legal basis: Performance of a contract / our legitimate interest (Art. 6(1)(b)/(f) GDPR) — delivering emails you requested or that are necessary to fulfil our service

Learn more: Migadu Privacy Policy

Cookies

This website uses very little device storage, and we ask for consent before anything non-essential runs:

Strictly necessary: A signed session cookie keeps you logged in to your account, and your cookie-consent choice is remembered in your browser. These are exempt from consent under § 25(2) TDDDG (strictly necessary for a service you requested).

Analytics: Plausible is cookie-free but is still loaded only after you opt in via our cookie banner (Art. 6(1)(a) GDPR, § 25(1) TDDDG). Decline and nothing analytics-related loads.

Withdraw consent: Open "Cookie settings" in the footer at any time to change or withdraw your choice.

Third-Party Services

We use the following third-party services that may process your data:

  • Plausible Analytics - Privacy-friendly analytics (EU-hosted, Germany), loaded only with your consent
  • Creem (Armitage Labs OÜ) - Checkout, payments & Merchant of Record (Estonia, EU)
  • Hetzner Online GmbH - Hosting provider (EU, Germany), managed via Ploi
  • Migadu-Mail GmbH - Email delivery (Switzerland; EU adequacy decision applies)

Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for newsletter or other voluntary services

To exercise any of these rights, contact us at hello@millipress.com

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority competent for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de

You may also contact the supervisory authority in your EU member state of residence.

Questions About Privacy

If you have any questions about this privacy policy or how we handle your data, please contact us at:

Email: hello@millipress.com