// Legal
Privacy Policy.
How Eternal Minds AB handles personal data when you visit coldresponse.net and what rights you have under the GDPR.
1. Who we are
Eternal Minds AB (organisationsnummer 559527-5719,
VAT SE559527571901), Roslagsgatan 20 b, 761 31 Norrtälje, Sweden,
is the controller of the personal data processed on this website.
The signatory of the company is Robin Hofström. Contact us by email
at
for any privacy-related question, request or complaint.
2. What data we process, and why
Server access logs
Our hosting provider, Hostinger International Ltd. (an EU data processor under our contract), writes a standard web access log on every request: your IP address, the requested URL, the HTTP response code, your User-Agent header, the Referer header, and a timestamp. We use these logs to operate the site, detect abuse, diagnose errors and produce aggregate traffic counts. The lawful basis is our legitimate interest in maintaining and securing the site (GDPR Article 6(1)(f)). Logs are kept for up to 30 days and then deleted.
Local browser storage
The site stores a small flag in your browser's localStorage only after you click the Load Instagram content button on the gallery. The flag records your choice so that on your next visit we don't ask again. We do not set any cookies. The lawful basis is your consent (GDPR Article 6(1)(a)) and you can withdraw it at any time by clearing site data in your browser.
Instagram embed (opt-in only)
The "Field reports" gallery contains posts from
@coldresponseofficial. By default these are shown as a static
placeholder and no request is sent to Meta. If
you click Load Instagram content, the page loads
Instagram's official embed script
(embed.js)
from www.instagram.com. At that point your IP
address, User-Agent, and the referring URL are transferred to
Meta Platforms, Inc. in the United States, which acts as a
joint controller for that processing under
CJEU C-40/17 (Fashion ID).
Meta's own terms govern what they then do with the data — see the
Instagram Privacy Policy.
The transfer to the US relies on the EU-US Data Privacy
Framework and on Meta's Standard Contractual Clauses.
Withdraw consent: click the "Reset content choices" link in the site footer, or clear site data for coldresponse.net in your browser. The Instagram placeholder will reappear on your next visit and no further requests will be made to Meta.
Steam updates
Devlog cards labelled STEAM are pulled from Steam's
public news feed at deploy time and stored as a static file on
our own server. The header images for those posts are loaded
directly from Valve's CDN
(clan.fastly.steamstatic.com). Loading an image
transfers your IP and User-Agent to Valve Corporation. We
consider this functionally equivalent to visiting the Steam page
itself, which the rest of the site links to anyway. If you would
rather no request go to Valve, do not view the devlogs section.
Outbound links
Buttons that take you to Steam, Discord, YouTube or Instagram are
ordinary HTML links. We do not pass any data to those services
until you click. We use rel="noopener noreferrer" on
all outbound links so that the destination site cannot read your
Referer header.
3. Cookies
We set no cookies on this site. The browser
localStorage flag described above is the only
client-side state we write, and only after you opt in. If you
click Load Instagram content, Meta may set cookies
under its own policy — see the Instagram link above.
4. Recipients of your data
- Hostinger International Ltd. (Cyprus / EEA) — hosting and access logs, under a Data Processing Agreement.
- Meta Platforms, Inc. (USA) — only if you load the Instagram embed. Joint controller for that load; recipient under the EU-US Data Privacy Framework + SCCs.
- Valve Corporation (USA) — only if you view the devlogs section, which loads Steam-hosted header images.
We do not sell, rent or share your data with anyone else.
5. International transfers
Loads to Meta and Valve described above transfer data to the United States. We rely on the EU-US Data Privacy Framework adequacy decision and on the operators' own Standard Contractual Clauses. All other processing happens within the EU/EEA.
6. How long we keep data
- Server access logs: up to 30 days, then deleted.
- localStorage consent flag: until you clear it in your browser.
- We do not maintain any user accounts on this site.
7. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you (Article 15).
- Have inaccurate data corrected (Article 16).
- Have your data erased (Article 17).
- Restrict our processing (Article 18).
- Receive your data in a portable format (Article 20).
- Object to processing based on legitimate interest (Article 21).
- Withdraw any consent you have given, at any time, without affecting prior lawfulness.
Send a written request to
and we will respond within 30 days. We will not charge a fee for
reasonable requests.
8. Right to complain
You can lodge a complaint with a supervisory authority. The authority for Eternal Minds AB is Integritetsskyddsmyndigheten (IMY) — see imy.se/en/. Visitors in the United Kingdom can additionally complain to the Information Commissioner's Office (ICO) — ico.org.uk. You can also contact the supervisory authority in the EU member state where you live or work.
9. Changes to this policy
If we change how we process data, we will update this page and bump the Effective date. Significant changes will be announced in the site's devlog feed for transparency.