Yes. webentity builds marketing websites — not software that processes personal records or sensitive data. GDPR compliance for a marketing website is straightforward.
What we do by default
- EU hosting: All websites run on Vercel's EU infrastructure (Frankfurt region)
- No personal data stored: Your website collects no visitor data by default — no cookies, no analytics database, no user accounts
- No third-party trackers: We don't embed advertising pixels, CRMs, or third-party scripts without your knowledge
- Static architecture: The site generates and serves static HTML files — there is no backend database that could be breached
Your responsibility as a regulated professional
You remain responsible for any tools you add to your website. Common additions that require GDPR attention:
- Contact forms — we use privacy-first form services (no data stored on our servers)
- Analytics — if you want visitor stats, we recommend privacy-first tools like Plausible or Fathom
- Appointment booking — use a GDPR-compliant booking tool, add a data processing agreement with the provider
- Newsletter signups — requires explicit consent and a double opt-in flow
What we recommend for all clients
- Cookie consent banner with clear opt-in/out
- Privacy policy covering all data processing activities
- Keep any sensitive business or client data out of marketing websites entirely
- Impressum and Datenschutzerklärung are included in every build (German market)
For regulated professions (doctors, lawyers, financial advisors)
A static webentity marketing site is a safer choice than many alternatives — no backend database to breach, no third-party scripts by default, EU-hosted. Just make sure any booking, consultation, or client management tools you link to have their own data processing agreements.
Bottom line
Less data = less risk. We collect none by default.