Privacy Policy

Last updated: November 4, 2025

1. Data Controller

Djalel Benbouzid
AI Strategy & Governance Consultant
Email: dp@dbenbouzid.com
Website: https://dbenbouzid.com

For any data protection inquiries, please contact: dp@dbenbouzid.com

2. Data We Collect

2.1 AI Assistant Conversations (If You Use the Chat Feature)

When you use our browser-based AI assistant, we collect:

  • Conversation content: Your questions and the AI's responses
  • Technical metadata:
    • Session ID (randomly generated, not linked to you)
    • Timestamp of each message
    • Response time (performance metric)
    • Browser information (user agent, language, platform)
    • Screen resolution
    • WebGPU support status

We do NOT collect:

  • IP addresses
  • Names or email addresses (unless you voluntarily include them in your messages)
  • Location data beyond browser language settings
  • Cookies or tracking identifiers

2.2 General Website Usage

This website does not use cookies, analytics, or tracking technologies for general browsing. The AI assistant conversation logging only occurs if you actively use the chat feature and consent to it.

3. Legal Basis for Processing (GDPR Article 6)

We process your conversation data based on your explicit consent (Article 6(1)(a) GDPR).

When you use the AI assistant, you are presented with a disclaimer clearly explaining:

  • What data is collected
  • Why it's collected (quality improvement and analytics)
  • That you should not share sensitive personal data

By clicking "Accept & Continue" and using the chat feature, you provide explicit consent to this data processing.

4. Purpose of Processing

We use the collected conversation data exclusively for:

  • Quality improvement: Understanding common questions to improve the AI assistant's responses
  • Performance monitoring: Analyzing response times to optimize the system
  • Service analytics: Understanding usage patterns to improve the service
  • Error detection: Identifying and fixing issues with the AI assistant

We do not use this data for:

  • Marketing or advertising
  • Selling or sharing with third parties
  • Profiling or automated decision-making
  • Any purpose other than those stated above

5. Data Retention (Storage Limitation)

Conversation logs are automatically deleted on a monthly basis.

  • Retention period: Maximum 30 days
  • Deletion process: Automated monthly purge of logs older than 30 days
  • Backup retention: Database backups are retained for 7 days (standard practice), then permanently deleted

If you request immediate deletion (see Section 7), your data will be removed within 48 hours.

6. Data Storage and Security

6.1 Where Your Data is Stored

Conversation logs are stored using Supabase (PostgreSQL database).

  • Data location: EU region (Frankfurt, Germany) - GDPR-compliant hosting
  • Data processor: Supabase Inc. (with GDPR-compliant Data Processing Agreement)
  • International transfers: None - data stays within the EU

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Row Level Security (RLS): Database-level access controls prevent unauthorized access
  • Encryption: All data transmitted over HTTPS (TLS 1.3)
  • Database encryption: Data at rest is encrypted by Supabase
  • Access controls: Only the data controller (Djalel Benbouzid) has read access to logs
  • Rate limiting: Prevents abuse and spam

6.3 Browser-Based Processing

The AI model runs entirely in your browser using WebGPU. Your conversation content is:

  • Processed locally on your device
  • NOT sent to external AI services (OpenAI, Google, etc.)
  • Only logged to our database for the purposes stated above

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access (Article 15)

You can request a copy of your conversation data. Contact: dp@dbenbouzid.com

Right to Rectification (Article 16)

You can request correction of inaccurate data (though conversations are stored as-is for accuracy).

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request immediate deletion of your conversation data. To do so:

  1. Use the "Download Chat" button in the AI assistant to save your Session ID
  2. Email dp@dbenbouzid.com with subject "GDPR Data Deletion Request"
  3. Include your Session ID (format: session_XXXXX_XXXXX)
  4. We will delete your data within 48 hours and confirm via email

Right to Restriction of Processing (Article 18)

You can request that we stop processing your data. Contact us to exercise this right.

Right to Data Portability (Article 20)

You can download your conversation data using the "Download Chat" button in the AI assistant. This provides a machine-readable JSON file.

Right to Object (Article 21)

You can object to processing at any time. Simply stop using the AI assistant or request deletion.

Right to Withdraw Consent (Article 7)

You can withdraw your consent at any time by:

  • Stopping use of the AI assistant
  • Requesting deletion of existing data (see Right to Erasure above)

Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where you reside, work, or where the alleged infringement occurred.

For France: Commission Nationale de l'Informatique et des Libertés (CNIL)

How to Exercise Your Rights

To exercise any of these rights, email: dp@dbenbouzid.com

Response time: Within 30 days (as required by GDPR Article 12)

8. Third-Party Services

Supabase (Database Hosting)

  • Service: PostgreSQL database hosting
  • Role: Data Processor
  • Location: EU (Frankfurt, Germany)
  • GDPR compliance: Yes, covered by Data Processing Agreement
  • Privacy policy: https://supabase.com/privacy

GoatCounter (Privacy-Friendly Analytics)

  • Service: Privacy-focused web analytics
  • Purpose: Understanding website usage and visitor patterns (page views only)
  • Data collected: Page URLs, referrer information, browser type, screen size, country (based on IP, not stored)
  • What is NOT collected: Personal identifiers, cookies, precise location, IP addresses (used only for country lookup, then discarded)
  • GDPR compliance: Yes, designed to be GDPR-compliant by default
  • Privacy policy: https://www.goatcounter.com/help/privacy

Note: GoatCounter is an open-source, privacy-friendly alternative to Google Analytics. It does not use cookies or track users across websites. The analytics only apply to general website browsing, not the AI assistant conversations.

CDN Services (fonts, libraries)

We use CDN services (Google Fonts, cdnjs.cloudflare.com, jsdelivr.net) to load fonts and JavaScript libraries. These may log IP addresses in their server logs, which is outside our control. These are essential for the website to function.

9. Children's Privacy

This service is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be notified via a prominent notice on the AI assistant disclaimer.

11. Contact Information

For any questions, concerns, or requests regarding your personal data or this privacy policy:

Data Controller: Djalel Benbouzid

Email: dp@dbenbouzid.com

Website: https://dbenbouzid.com

We will respond to your request within 30 days as required by GDPR.