Privacy Policy

Data Controller

Oleksandr Lytvynov · Norway · privacy@personal.dfcdn.net

Data We Collect

• Chat messages (encrypted at rest with pgcrypto)
• Session metadata (hashed IP address, user agent)
• Booking information (name, email — when you book a call)
• Cookie consent preferences

Legal Basis

• Art. 6(1)(a) — Consent for analytics and marketing cookies
• Art. 6(1)(b) — Contract performance for calendar bookings
• Art. 6(1)(f) — Legitimate interest for anonymized session digest

Retention

Your Rights (GDPR)

• Right of Access (Art. 15)
• Right to Rectification (Art. 16)
• Right to Erasure (Art. 17)
• Right to Data Portability (Art. 20)

Exercise your rights via the chat leaving flow, the DSAR endpoint, or by emailing privacy@personal.dfcdn.net.

Owner Digest

When you end a session, an anonymized statistical digest may be retained under legitimate interest (Art. 6(1)(f)). You can opt out of this during the leaving flow.

Third-Party Services

• Google Gemini API (LLM processing — messages sent to Google)
• Anthropic Claude API (fallback LLM processing)
• Authentik (self-hosted authentication — no third-party data sharing)