Privacy Policy
How we collect, use, and protect your personal data at OFFLINE Webagency.
Last updated: 31/05/2026
Data Controller
OFFLINE Webagency LLC
75 E 3rd St
Sheridan, 82801
USA
Email: hello@offline-ag.com
Data We Process
Applicable Privacy Frameworks
As a US-based company serving clients internationally, we comply with applicable privacy laws in the jurisdictions we operate in.
GDPR
Applies to our processing of personal data of individuals in the European Economic Area.
Consent — Art. 6(1)(a)
Contract — Art. 6(1)(b)
Legitimate Interest — Art. 6(1)(f)
CCPA / CPRA
Applies to personal information of California residents.
We do not sell or share your personal information for cross-context behavioral advertising.
Privacy Act 1988
Applies to personal information of individuals in Australia.
We handle personal information in accordance with the Australian Privacy Principles (APPs).
Technical Data Processing
SSL/TLS Encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the browser's address bar changing from "http://" to "https://" and the lock icon in your browser bar.
Server Log Files
The hosting provider automatically collects and stores information in server log files:
Technically Necessary Cookies
This website uses only technically necessary cookies. No tracking, marketing, or analytics cookies are set. A cookie consent banner is therefore not required.
| Cookie | Purpose | Retention |
|---|---|---|
| offline_webagency_session | Session management | 120 min |
| XSRF-TOKEN | CSRF protection | 120 min |
How We Collect Data
Contact Form
Your explicit consent is required before submitting the form. You will receive an automatic confirmation email.
Bug Report
Technical data is automatically captured to facilitate error diagnosis. Reports are transmitted by email and optionally stored in our CMS.
Email Delivery
We use Postmark by ActiveCampaign, LLC (USA) for sending emails. Postmark processes recipient email addresses, email content, and metadata. Servers are located in the USA.
For EEA visitors, data transfer is protected by EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.
Content Management System
We use a proprietary CMS for managing content, storing contact enquiries and bug reports. The CMS runs on the same infrastructure as this website.
Blog images served by the CMS transmit your IP address to the CMS server.
Analytics & Security
Plausible Analytics
Plausible Insights OÜ — Estonia, EU
Privacy-friendly analytics: no personal data, no cookies, no fingerprinting. Only aggregated, anonymous statistics. Fully GDPR compliant without consent.
Metricool
Metricool S.L. — Spain, EU
Cookieless web analytics and social media management. Only anonymised usage statistics, no personal data, no session tracking.
Spam Protection
Server-side honeypot
We use a server-side honeypot to protect forms from bots. No external services (like reCAPTCHA) are used and no additional personal data is collected.
Basis: Art. 6(1)(f) GDPRSocial Media Links
Our website contains links to social media profiles and share buttons for blog posts. These are simple hyperlinks — no social media plugins or SDKs are embedded. Data is only transmitted when you actively click a link.
Hosting & Service Providers
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen, Germany
Web hosting and server infrastructure. Servers located in Germany.
Privacy policyDigitalOcean, LLC
101 Avenue of the Americas, New York, NY 10013, USA
European data centres in Frankfurt and Amsterdam. For EEA visitors, protected by SCCs.
Privacy policyAll Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Hetzner / DigitalOcean | Web hosting, infrastructure | Germany / EU (or USA) |
| ActiveCampaign (Postmark) | Email delivery | USA |
| Plausible Insights OÜ | Privacy-friendly analytics | EU (Estonia) |
| Metricool S.L. | Web analytics | EU (Spain) |
International Data Transfers
As a US-based company, data processed through our website may be transferred to or stored in the United States. For EEA visitors:
Postmark (USA): Email delivery — protected by EU Standard Contractual Clauses (SCCs).
DigitalOcean (USA): European data centres preferred, protected by SCCs.
Retention Periods
| Data | Retention Period |
|---|---|
| Server log files | 14 days |
| Session data | 120 minutes or end of session |
| Contact enquiries | Until processed, max. 6 months |
| Bug reports | Until resolved, max. 6 months |
| Emails at Postmark | 45 days (auto-deleted) |
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data.
EEA Residents (GDPR)
Access — Art. 15 GDPR
Rectification — Art. 16 GDPR
Erasure — Art. 17 GDPR
Restriction — Art. 18 GDPR
Portability — Art. 20 GDPR
Objection — Art. 21 GDPR
Complaint — Art. 77 GDPR (supervisory authority in your country)
California (CCPA/CPRA)
Right to know — disclosure of collected data
Right to delete — deletion of your data
Right to opt-out — we do not sell your data
Non-discrimination — no penalties for exercising rights
Australia
Access — request access to your information
Correction — request correction of inaccurate data
Complaint — lodge with the OAIC
Exercise Your Rights
To exercise any of your rights, please contact us at hello@offline-ag.com.
Withdrawal of Consent
Where processing is based on consent, you may withdraw it at any time. The lawfulness of processing prior to withdrawal remains unaffected. Send your withdrawal to hello@offline-ag.com.
We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The new privacy policy will then apply to your subsequent visits.