How we handle your data.
We built this site to do as little with your data as possible. No tracking scripts, no analytics, no advertising pixels, no cookie banners, no newsletter traps. If you just read the site, we learn nothing about you we don’t strictly need to serve the page.
Last updated 2026-04-22
Irous 21 · GR 10442 · Athens, Greece
VAT 997 539 194 · ΓΕΜΗ 133102301000
info@libre.space
__cf_bm
bot-management cookie on some requests (strictly necessary,
30-minute lifetime — no consent required under ePrivacy).
Where this notice applies
www.libre.space (with libre.space redirecting to it), preview.libre.space, and manifesto.libre.space are covered by this single notice. The community forum at community.libre.space runs on self-hosted Discourse on LSF infrastructure; it processes registration details (email, username, IP logs) under the same controller (this foundation), with forum-specific data visible to registered members. No third-party processor is involved in running the forum; Cloudflare covers the CDN layer as everywhere else.
Third parties we use
| Processor | Purpose | Location | Transfer mechanism | When active |
|---|---|---|---|---|
| Cloudflare, Inc. | Hosting / CDN; every request terminates at Cloudflare's edge before reaching the static build. | USA (global edge) | Customer DPA + SCCs for EEA transfers | Always |
| Migadu S.à r.l. | Email hosting for info@libre.space and other @libre.space addresses. | Switzerland (infra in Switzerland + Luxembourg) | Commission adequacy decision for Switzerland; EU processor for Luxembourg portion. | Always |
| Stripe Payments Europe, Ltd. | Payment processor for donations and store checkout; also issues card receipts. | Ireland (EU) | EU processor — no third-country transfer for EEA card-holders; Stripe may sub-process in the USA under its own SCCs for global anti-fraud. | Active for donations. Extends to the store when you place an order there. |
| Patreon, Inc. | Alternative recurring-donation channel. Data processing happens on Patreon's platform; LSF only receives aggregated payout info. | USA | Patreon DPA + SCCs | Only if you choose Patreon; see their own privacy notice. |
Legal bases (GDPR Art. 6)
- Serving the site
- Art. 6(1)(f) legitimate interest — the foundation has a legitimate interest in running its public website; the processing is limited to what's technically necessary to serve each page.
- Donation processing
- Art. 6(1)(b) performance of contract (the donation record itself) + Art. 6(1)(c) legal obligation (retention of financial records under Greek tax law).
- Store orders
- Art. 6(1)(b) performance of the sales contract + Art. 6(1)(c) legal obligation (VAT records, accounting retention). Applies once a store order is placed.
- Forum membership
- Art. 6(1)(b) performance of the forum service terms you accept at sign-up.
- Responding to enquiries
- Art. 6(1)(f) legitimate interest in handling communications addressed to us.
- Security logs
- Art. 6(1)(f) legitimate interest in abuse prevention and investigation.
How long we keep data
- HTTP access logs (Cloudflare edge)
- Cloudflare default retention for the tier we're on.
- Donation records
- Ten years, per Greek tax law (L.4308/2014 on accounting books and records).
- Store order records
- Ten years, per the same accounting retention.
- Contact-form emails
- Twenty-four months unless a longer period is necessary to handle an ongoing matter or claim.
- Forum accounts
- Until you close your account or request erasure via the forum moderators.
Changes to this notice
We update this page when the processors or the data-processing activities change. Material changes — a new processor, a new legal basis, a change in transfer mechanism — are reflected by bumping the "Last updated" date at the top and noted in the commit log for this file so you can see exactly what changed and when.
See also legal notice, accessibility, transparency.