Tim Trautmann Archive

Privacy Policy

Last updated: April 6, 2026

This privacy policy covers archive.timtrautmann.com, a photo licensing platform operated by Tim Trautmann. It explains what data is collected, how it is used, and your rights regarding that data.

Lawful basis for processing

Under the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

  • Contract performance — Account information (name, email, address), payment processing, transactional emails, and license fulfillment. This data is necessary to create your account, process purchases, deliver licenses, and provide download access.
  • Legitimate interest — Server access logs (security and operational diagnostics) and session cookies (site functionality). These are strictly necessary for the site to operate securely and are minimally invasive.
  • Legal obligation — License records and transaction history may be retained to meet tax, accounting, and contractual evidence requirements.

We do not process personal data based on consent, as all processing falls under the bases above. No marketing, profiling, or automated decision-making takes place.

Account information

When you create an account, we collect your name, email address, and optionally your company name and business address. This information is used to manage your account, process license purchases, and generate license agreements. Your address is required before checkout and is included on license documents.

Authentication

This site uses passkey-based authentication (WebAuthn). Your passkey's private key never leaves your device. We store only the public key and a credential identifier on our server. No passwords are stored or transmitted.

Payment processing

License purchases are processed by Stripe. Your payment card details are submitted directly to Stripe and never touch our servers. We receive confirmation of payment, your email, and a transaction identifier from Stripe to fulfill your order.

Cookies and sessions

When you log in, a session cookie is set. It is httpOnly, scoped to .timtrautmann.com, and expires after seven days. This cookie is used solely to maintain your login session across requests. No tracking cookies are set.

Local storage

Your theme preference (light or dark mode) and shopping cart contents (for anonymous users) are stored in your browser's local storage. This data never leaves your device and is not sent to the server.

Email

We send transactional emails related to your account and purchases: account invitations, license confirmations, and download-ready notifications. Emails are sent via Mailgun. We do not send marketing emails or share your email address with third parties.

Server logs

Standard server access logs record IP addresses, request paths, timestamps, and user-agent strings. These logs are used for security and debugging purposes only. They are not used for analytics, profiling, or shared with third parties. Logs are periodically rotated and deleted.

Your rights

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data. Note that license records may be retained where required by legal obligation (tax, accounting, contractual evidence).
  • Restriction — Request that we limit how your data is processed while a concern is being resolved.
  • Portability — Request your data in a structured, machine-readable format (JSON).
  • Objection — Object to processing based on legitimate interest. We will cease processing unless we have compelling legitimate grounds.

To exercise any of these rights, email tim@timtrautmann.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

International data transfers

This site is hosted in the United States. If you access it from the EEA, UK, or other jurisdictions with data protection laws, your personal data will be transferred to and processed in the US. By creating an account or making a purchase, you acknowledge this transfer. Our data processors (Stripe, Mailgun) maintain their own GDPR compliance programs and data processing agreements.

Data retention

Account data and license records are retained indefinitely to support license verification and re-downloads. You may request deletion of your account and associated data by contacting us. License records may be retained for legal and accounting purposes even after account deletion.

Questions

If you have questions about this policy, write to tim@timtrautmann.com.