Privacy Policy
Last updated: June 2026
1. General information and mandatory disclosures
I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. This website is a purely non-commercial private and hobby project.
Controller (responsible party):
Andreas Holzschneider
c/o Impressumservice Dein-Impressum
Stettiner StraΓe 41
35410 Hungen, Germany
Email: kontakt@moin-moin.it
2. Processing of the forwarded emails (phishing check)
The core of this service is the automated inspection of emails for phishing and spam. When you forward an email for inspection to spam-check-en@moin-moin.it, I process the following data:
- Your sender email address (to send you the result and to prevent abuse)
- The technical header data of the forwarded email (e.g. the sender's IP addresses)
- The content (text) and any URLs/links of the forwarded email
Purpose: The processing is carried out exclusively for the technical analysis of the email for malware, phishing indicators and fraud attempts, and to send the result to you.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in promoting IT security). You actively initiate the processing by forwarding the email.
Storage period:
- Original email in the mailbox: 7 days β after that it is automatically and completely deleted.
- Subject line and extracted links of the analysed email: up to 7 days in an internal database for operational purposes (admin dashboard) β after that it is automatically deleted. No access by third parties.
- Original phishing email (the inner email, not your forwarding email): For suspicious submissions, the actual phishing email is stored internally for up to 7 days β for the admin dashboard and for the possible manual forwarding to reporting bodies (APWG, Verbraucherzentrale NRW, see section 3). After that it is deleted automatically. In the event of feedback (false positive/false negative), this period starts from the time of the feedback.
- Your email address (sender profile) and analysis metadata (result, counters for rate limiting): up to 30 days after your last submission β after that it is deleted automatically. The sender profile serves exclusively to prevent abuse (rate limiting).
Data processing through use: By submitting an email, you acknowledge that it will be processed automatically as described in this privacy policy β including the possible disclosure of indicators to external services (section 3). Anyone who does not agree to this processing must not use the service.
3. Disclosure of data to external analysis services
In order to provide you with an accurate and secure result, I do not analyse emails only locally, but also compare extracted technical indicators (such as URLs, IP addresses, file hashes) and text fragments against established IT security databases and AI models via automated interfaces (APIs). In doing so, parts of the data you submit may be transmitted to the following third-party providers (some of them based in the USA or outside the EU):
- VirusTotal (Google Ireland Limited): To check links and file hashes for known malware.
- Google Safe Browsing (Google Ireland Limited): To compare URLs against Google's database of malicious websites.
- AbuseIPDB (Marathon Studios Inc., USA): To check whether the sender IP address of the phishing email has already been reported for spam or hacking.
- URLHaus (abuse.ch, Switzerland): To check links for malware distribution.
- PhishTank (OpenDNS/Cisco, USA): To compare URLs against a database of known phishing sites.
- Perplexity AI (USA): I use Perplexity's "Sonar" AI language model for intelligent text and context analysis of the email in order to detect sophisticated fraud attempts (e.g. CEO fraud).
- URL shortener services (e.g. bit.ly, t.co): If the email contains shortened URLs, these are resolved by an HTTP request (HEAD/GET) to the respective shortener service in order to determine the actual target domain. No email content or your sender address is transmitted in the process.
- OpenPhish (abuse.ch): A phishing URL list is downloaded daily and cached locally. The download contains no user data; the actual comparison of the URLs from the submitted email is carried out exclusively locally against this cached list β no URL data is transmitted.
- PhishStats: For checking, individual URLs from the submitted email are transmitted to PhishStats via a live API request. No email content or your sender address is transmitted.
- ThreatFox (abuse.ch, IOC database): For checking, individual URLs from the submitted email are transmitted to ThreatFox via an API request (with an auth key). No email content or your sender address is transmitted.
- Tranco (tranco-list.eu): A ranking of the 100,000 most-used domains is downloaded daily. The download contains no user data and serves exclusively to exclude known legitimate domains from community reporting.
Community reporting for confirmed threats: If an email is classified as a confirmed threat (phishing/malware), the following data may additionally be actively passed on to security databases or reporting bodies in order to protect the general public:
- VirusTotal: Newly discovered phishing URLs from the analysed email are submitted automatically, provided they are not yet known to VirusTotal.
- AbuseIPDB: The sender IP address of the phishing email is reported automatically, together with a short description of the suspicion and an excerpt of the subject line of the phishing email (max. 80 characters). What is transmitted is the sender IP of the phishing email and a short subject excerpt (max. 80 characters); your own sender address as the submitter is not transmitted.
- APWG – Anti-Phishing Working Group (USA): Confirmed phishing emails may be forwarded manually by the operator as the complete phishing email (EML file, not your forwarding email) to the APWG reporting body. The APWG is based in the USA — the transfer takes place in the public interest of combating phishing (Art. 6(1)(f), Art. 49(1)(d) GDPR). Only the submitted original phishing email is forwarded. All data contained therein may be processed. Note: Targeted phishing emails may contain your name or other personal details that the phishing sender embedded in the email.
- Verbraucherzentrale NRW (Phishing-Radar): Confirmed phishing emails may be forwarded manually by the operator as the complete phishing email (EML file, not your forwarding email) to the Phishing-Radar of the Verbraucherzentrale Nordrhein-Westfalen e. V. (Germany). Only the submitted original phishing email is forwarded. All data contained therein may be processed. Note: Targeted phishing emails may contain your name or other personal details that the phishing sender embedded in the email. (Art. 6(1)(f) GDPR)
Community reporting is carried out exclusively for submissions that have been clearly classified as suspicious and serves the legitimate interest of the general public in combating phishing (Art. 6(1)(f) GDPR). Further rules on using the service can be found in the terms of use (DE).
Important note on transfers to third countries: Through the use of these external APIs and through the manual report to the APWG, IP addresses, extracted links, text content and β in the case of the APWG β the complete phishing email including all data contained therein may be transferred to countries outside the European Economic Area (in particular to the USA). For the USA, an adequacy decision of the EU Commission exists (EU-U.S. Data Privacy Framework), provided the respective companies are certified there; otherwise the transfer is based on standard contractual clauses (Art. 46 GDPR) or on the public interest (Art. 49(1)(d) GDPR). Please do not submit any emails that contain highly sensitive personal data in plain text (e.g. passwords, banking details, trade secrets), as I cannot fully control the flow of data at the external providers.
4. Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host. The provider is ALL-INKL.COM - Neue Medien MΓΌnnich, HauptstraΓe 68, 02742 Friedersdorf, Germany. The use of ALL-INKL.COM is based on Art. 6(1)(f) GDPR (legitimate interest in a reliable provision of my website). I have concluded a data processing agreement (DPA).
5. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser transmits automatically. These include, among others, browser type/version, operating system, referrer URL, hostname of the accessing computer and the time of the server request.
This data is not merged with other data sources. The collection is carried out under Art. 6(1)(f) GDPR. The log files are deleted after 7 days.
6. Cookies
This website sets exclusively a technically necessary session cookie (PHPSESSID) as soon as you access the homepage or the contact form. It serves solely to protect the contact form against automated abuse (CSRF protection), contains no personal content and is deleted at the latest after one hour or when the browser is closed. The cookie is set to HttpOnly and SameSite=Strict (with HTTPS additionally Secure). As it is technically required, no consent is needed (Β§ 25(2) no. 2 TDDDG, formerly TTDSG).
There is no tracking and no reach measurement. No external fonts, scripts, analysis tools or content delivery networks (CDNs) are loaded — all resources are delivered directly from this server, so that no visitor data (e.g. IP addresses) is passed on to third parties.
7. Contact form
If you send me an enquiry via the contact form (or directly to kontakt@moin-moin.it), your details from the form, including the contact data you provide there, are stored for the purpose of processing the enquiry. I do not pass this data on without your consent. The processing is based on Art. 6(1)(f) GDPR (legitimate interest in effective processing).
Storage period: The data is deleted as soon as it is no longer required to fulfil the purpose (processing the enquiry) and no statutory retention periods conflict with this.
8. Your rights
You have the right at any time to obtain information free of charge about the origin, recipients and purpose of your stored personal data (Art. 15 GDPR), as well as a right to rectification (Art. 16), erasure (Art. 17) and restriction of processing (Art. 18 GDPR). As the processing is based on a legitimate interest (Art. 6(1)(f) GDPR), you also have a right to object at any time (Art. 21 GDPR).
An informal email to kontakt@moin-moin.it is sufficient to exercise these rights. On request, I will also provide you with the data stored for your address in a machine-readable format (JSON). As this data is deleted automatically at the latest 30 days after your last submission anyway, any information or erasure can only relate to data that still exists at the time of your request.
Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. You may contact the supervisory authority of your habitual residence or any other competent data protection authority. A list of all German supervisory authorities can be found at: bfdi.bund.de.