adiuvAI/website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: GDPR — add privacy link under forms, update privacy policy with Brevo and retention

Browse Source
This commit is contained in:
Roberto Musso
2026-04-11 19:41:51 +02:00
parent 48110f8be6
commit 98f973316d
2 changed files with 171 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
privacy.html
View File

@@ -259,6 +259,7 @@
<p>We do not sell, rent, or trade your personal information. We share data only with:</p>
<ul>
<li><strong>Stripe</strong> — for payment processing (PCI DSS Level 1 compliant)</li>
<li><strong>Brevo (Sendinblue SAS)</strong> — for transactional emails (waitlist confirmation, product updates). Your email address is shared with Brevo solely to deliver these messages. Brevo acts as a data processor under GDPR and stores data in the EU. <a href="https://www.brevo.com/legal/privacypolicy/">Brevo Privacy Policy</a></li>
<li><strong>LLM providers</strong> (OpenAI, Anthropic) — text snippets for AI processing, under no-training data agreements</li>
<li><strong>Cloud infrastructure</strong> (hosting provider) — encrypted data only for cloud backup/sync features</li>
<li><strong>Law enforcement</strong> — only when required by law, and limited to data we actually possess (account info, not your local content)</li>
@@ -286,7 +287,8 @@
<ul>
<li><strong>Account data:</strong> Retained while your account is active. Deleted within 30 days of account deletion request.</li>
<li><strong>Encrypted backups:</strong> Deleted within 30 days of account deletion, or on your request.</li>
<li><strong>Waitlist emails:</strong> Retained until beta launch, then migrated to account data or deleted.</li>
<li><strong>Waitlist (confirmed):</strong> Retained until beta launch, then migrated to account data or deleted on request. Every email includes an unsubscribe link that immediately anonymizes your data.</li>
<li><strong>Waitlist (unconfirmed):</strong> Automatically anonymized after 48 hours. The anonymized record (signup date, source) is retained for aggregate analytics but contains no personal data.</li>
<li><strong>Server logs:</strong> Retained for 90 days, then purged.</li>
<li><strong>Local data:</strong> Under your control — persists until you delete it or uninstall the app.</li>
</ul>