System Notice
We are testing out the newest version of the blog!, Expect some bugs and downtime. Please report any issues to stratware.win
Last updated: 12 June 2026
This policy explains what personal data Sander Kristiansen processes when you use kristiansen.icu, why it is needed, and what choices you have.
Plain-English definitions for words used in this document.
Personal data
Information that relates to an identifiable person, such as an IP address in server logs.
Data controller
The person who decides why and how personal data is processed. For this site, that is Sander Kristiansen.
Processing
Any operation performed on personal data, including storing, displaying, or deleting it.
Legal basis
The reason under GDPR that allows personal data to be processed, such as consent or legitimate interest.
Consent
A freely given choice you make, for example when accepting or declining optional cookies.
Legitimate interest
A lawful reason to process data when it is necessary and balanced against your privacy rights, such as keeping the site secure.
Subprocessor
A third-party service that processes data on our behalf, such as a hosting provider.
Retention
How long data is kept before it is deleted or anonymized.
GDPR
The EU General Data Protection Regulation. It gives individuals rights over their personal data where it applies.
| Term | Meaning |
|---|---|
| Personal data | Information that relates to an identifiable person, such as an IP address in server logs. |
| Data controller | The person who decides why and how personal data is processed. For this site, that is Sander Kristiansen. |
| Processing | Any operation performed on personal data, including storing, displaying, or deleting it. |
| Legal basis | The reason under GDPR that allows personal data to be processed, such as consent or legitimate interest. |
| Consent | A freely given choice you make, for example when accepting or declining optional cookies. |
| Legitimate interest | A lawful reason to process data when it is necessary and balanced against your privacy rights, such as keeping the site secure. |
| Subprocessor | A third-party service that processes data on our behalf, such as a hosting provider. |
| Retention | How long data is kept before it is deleted or anonymized. |
| GDPR | The EU General Data Protection Regulation. It gives individuals rights over their personal data where it applies. |
The data controller for personal data related to this site is Sander Kristiansen. Contact: [email protected].
kristiansen.icu is a personal site with optional community accounts — not a large-scale commercial data broker or ad network.
We do not sell personal data, run newsletters, process payments, or use ad/tracking platforms such as Google Analytics or Meta Pixel.
The Contact link opens your own email client. We do not receive your message until you send it yourself.
When you use the site, the following data may be processed:
Accounts are optional and used for comments, profiles, notifications, and (when authorised) authoring posts. On sign-up or login, an httpOnly session cookie (`account_session`) is set. Session tokens are stored hashed in the database with expiry and IP address.
Email addresses are used for verification and account recovery flows. Verified status may be required for some features.
Public profile pages show your display name, username, optional avatar, badges you choose to display, and join date according to your privacy settings. Passwords and API key secrets are never shown.
A password-protected staff area at `/admin` is used to publish content and moderate the community. On login, an httpOnly session cookie (`admin_session`) signed with HMAC is set.
Founder, Administrators, Developers, and Moderators may access parts of this panel according to their role. Moderators can manage community members but cannot open site settings or view other staff in the user list.
Staff with CMS access may view account data needed for moderation, publishing, and media review. The `admin_session` cookie identifies staff login state; it does not contain visitor passwords.
We process data for the following purposes:
We do not sell personal data.
Data may be processed by technical subprocessors such as hosting (server/database), Cloudflare Turnstile (sign-up captcha), and GitHub (when the profile page is shown), only as needed to deliver the site.
Cookie consent records are kept for up to 12 months from when you gave consent (`decidedAt`). After that, consent data is automatically removed and you will be asked to choose again.
Server logs are kept according to the hosting provider's routines, usually for a limited time.
Blog content and uploaded images are kept until deleted by the administrator or until the server is rebuilt.
Admin sessions expire after inactivity, when you log out, or when the server is purged.
Account session tokens expire after 30 days or when you sign out. Account data is kept until you request deletion or the account is removed by staff.
Notifications are kept while relevant or until cleared according to site routines.
Revoked API keys remain in the database in revoked form for audit purposes.
Comments remain visible until deleted by you (when available) or by staff.
Under the GDPR you may have rights to access, rectification, erasure, restriction, objection, and data portability where data about you is concerned and where applicable law requires it.
Because we normally do not collect identifiable data about visitors beyond limited technical records, many requests may relate to logs held by the hosting provider.
Contact [email protected] for requests. You may also lodge a complaint with your supervisory authority.
Reasonable technical and organizational measures are used to protect data, including password-protected admin access, signed session cookies with secure flags (httpOnly, secure in production, SameSite), and idle timeout.
No website or system is completely secure, but we work to keep the site maintained and protected.
This policy may be updated from time to time. The latest version is always published on this page with an updated date.
Questions about this policy may be sent to [email protected].
For general site use rules, see the Terms of Service.
Last updated: 12 June 2026
This policy explains what personal data Sander Kristiansen processes when you use kristiansen.icu, why it is needed, and what choices you have.
Plain-English definitions for words used in this document.
Personal data
Information that relates to an identifiable person, such as an IP address in server logs.
Data controller
The person who decides why and how personal data is processed. For this site, that is Sander Kristiansen.
Processing
Any operation performed on personal data, including storing, displaying, or deleting it.
Legal basis
The reason under GDPR that allows personal data to be processed, such as consent or legitimate interest.
Consent
A freely given choice you make, for example when accepting or declining optional cookies.
Legitimate interest
A lawful reason to process data when it is necessary and balanced against your privacy rights, such as keeping the site secure.
Subprocessor
A third-party service that processes data on our behalf, such as a hosting provider.
Retention
How long data is kept before it is deleted or anonymized.
GDPR
The EU General Data Protection Regulation. It gives individuals rights over their personal data where it applies.
| Term | Meaning |
|---|---|
| Personal data | Information that relates to an identifiable person, such as an IP address in server logs. |
| Data controller | The person who decides why and how personal data is processed. For this site, that is Sander Kristiansen. |
| Processing | Any operation performed on personal data, including storing, displaying, or deleting it. |
| Legal basis | The reason under GDPR that allows personal data to be processed, such as consent or legitimate interest. |
| Consent | A freely given choice you make, for example when accepting or declining optional cookies. |
| Legitimate interest | A lawful reason to process data when it is necessary and balanced against your privacy rights, such as keeping the site secure. |
| Subprocessor | A third-party service that processes data on our behalf, such as a hosting provider. |
| Retention | How long data is kept before it is deleted or anonymized. |
| GDPR | The EU General Data Protection Regulation. It gives individuals rights over their personal data where it applies. |
The data controller for personal data related to this site is Sander Kristiansen. Contact: [email protected].
kristiansen.icu is a personal site with optional community accounts — not a large-scale commercial data broker or ad network.
We do not sell personal data, run newsletters, process payments, or use ad/tracking platforms such as Google Analytics or Meta Pixel.
The Contact link opens your own email client. We do not receive your message until you send it yourself.
When you use the site, the following data may be processed:
Accounts are optional and used for comments, profiles, notifications, and (when authorised) authoring posts. On sign-up or login, an httpOnly session cookie (`account_session`) is set. Session tokens are stored hashed in the database with expiry and IP address.
Email addresses are used for verification and account recovery flows. Verified status may be required for some features.
Public profile pages show your display name, username, optional avatar, badges you choose to display, and join date according to your privacy settings. Passwords and API key secrets are never shown.
A password-protected staff area at `/admin` is used to publish content and moderate the community. On login, an httpOnly session cookie (`admin_session`) signed with HMAC is set.
Founder, Administrators, Developers, and Moderators may access parts of this panel according to their role. Moderators can manage community members but cannot open site settings or view other staff in the user list.
Staff with CMS access may view account data needed for moderation, publishing, and media review. The `admin_session` cookie identifies staff login state; it does not contain visitor passwords.
We process data for the following purposes:
We do not sell personal data.
Data may be processed by technical subprocessors such as hosting (server/database), Cloudflare Turnstile (sign-up captcha), and GitHub (when the profile page is shown), only as needed to deliver the site.
Cookie consent records are kept for up to 12 months from when you gave consent (`decidedAt`). After that, consent data is automatically removed and you will be asked to choose again.
Server logs are kept according to the hosting provider's routines, usually for a limited time.
Blog content and uploaded images are kept until deleted by the administrator or until the server is rebuilt.
Admin sessions expire after inactivity, when you log out, or when the server is purged.
Account session tokens expire after 30 days or when you sign out. Account data is kept until you request deletion or the account is removed by staff.
Notifications are kept while relevant or until cleared according to site routines.
Revoked API keys remain in the database in revoked form for audit purposes.
Comments remain visible until deleted by you (when available) or by staff.
Under the GDPR you may have rights to access, rectification, erasure, restriction, objection, and data portability where data about you is concerned and where applicable law requires it.
Because we normally do not collect identifiable data about visitors beyond limited technical records, many requests may relate to logs held by the hosting provider.
Contact [email protected] for requests. You may also lodge a complaint with your supervisory authority.
Reasonable technical and organizational measures are used to protect data, including password-protected admin access, signed session cookies with secure flags (httpOnly, secure in production, SameSite), and idle timeout.
No website or system is completely secure, but we work to keep the site maintained and protected.
This policy may be updated from time to time. The latest version is always published on this page with an updated date.
Questions about this policy may be sent to [email protected].
For general site use rules, see the Terms of Service.