Privacy

This notice describes what personal data is processed when you visit this blitsbom deployment, and on what legal basis. The site is operated by the entity named in the imprint. Operators must adapt this notice to their own hosting setup, retention policy, and applicable law before publishing it.

Summary

• No cookies, no analytics, no tracking, no third-party embeds are shipped by the blitsbom application itself.
• SBOM files you load stay in your browser. They are never uploaded or transmitted to any server by the application.
• The web server keeps standard access logs (IP address, request, user agent, timestamp) for [RETENTION PERIOD], then deletes them.
• A small theme preference is stored in your browser's localStorage so the site remembers your light/dark choice. Nothing is sent to the server.

How the app works

blitsbom is a static single-page application. Once the HTML, CSS, and JavaScript have been delivered to your browser, all SBOM parsing, filtering, and rendering runs locally on your device. SBOM contents are not sent to the server, and no telemetry is collected by the application.

Hosting

This site is hosted by [HOSTING PROVIDER NAME AND ADDRESS]. When you connect, the hosting provider necessarily processes your IP address and other connection metadata to route the request. Their handling of this data is described in their privacy policy at [HOSTING PROVIDER PRIVACY POLICY URL].

Server logs

The web server on the hosting infrastructure records standard access log entries for each request. These may include:

• IP address of the requesting client
• Date and time of the request
• Requested URL and HTTP method
• HTTP status code and response size
• User agent and referrer headers, if sent by your browser

These logs are used solely for operating the service — diagnosing errors, investigating abuse, and protecting the integrity of the server. They are retained for [RETENTION PERIOD] and then deleted. They are not used for analytics, profiling, or sharing with third parties.

Legal basis (where the GDPR applies): Art. 6 (1) (f) GDPR — legitimate interest in the secure and reliable operation of the service. Operators outside the EU/EEA should replace this section with the applicable legal basis for their jurisdiction.

Transport encryption (TLS)

Connections to this site are encrypted with TLS. Certificates are issued by [CERTIFICATE AUTHORITY OR ACME PROVIDER]. No visitor data is shared with the certificate authority as part of normal browsing.

Cookies and local storage

The blitsbom application sets no cookies. It uses your browser's localStorage to remember a small set of preferences (currently: light/dark theme). This data stays on your device and is never sent to the server. You can clear it at any time via your browser's site-data settings.

Third parties

The blitsbom application loads no third-party fonts, scripts, analytics, or embeds. The only outbound network resources are those you explicitly click (for example, links to GitHub or to vulnerability advisories from your SBOM). If the operator of this deployment adds additional third-party services (for example, a reverse proxy, CDN, or analytics layer), they must be listed here.

Your rights

Where applicable law (such as the GDPR) grants you rights to information, rectification, erasure, restriction of processing, data portability, and objection to processing, you may exercise these rights by contacting the email address listed in the imprint. You may also have the right to lodge a complaint with a supervisory authority.

Changes to this notice

This notice may change as the deployment evolves. The current version is always published at /privacy.html.