Privacy Policy

Last Updated: July 17, 2025

This Privacy Policy describes how we collect, use, and protect your personal information when you use this website and service.

Information We Collect

Account Information

• Email address - collected when you create an account or sign in with Google
• Username - if you create a local account instead of using Google authentication
• Authentication data - tokens and session information for login purposes

Chat Data

• Chat messages - your conversations with our AI chatbot
• Session identifiers - to link chat messages to your account
• Timestamps - when messages were sent

Analytics Data

• Session IDs - unique identifiers for your visit (used for analytics only, not authentication)
• Page views - which pages you visit on our site
• Usage patterns - how you interact with our site features

Server Logs

• IP addresses - automatically collected in server logs
• Access logs - pages requested, timestamps, user agents
• Error logs - technical information when errors occur

How We Use Your Information

Account Management

We use your email address and authentication data to:

• Provide secure access to your account
• Maintain your login session
• Enable account recovery if needed

Chat Service

We use your chat messages and session data to:

• Provide AI-powered chatbot responses through Anthropic's API
• Improve our chatbot service quality
• Associate chat history with your account

Analytics

We use session IDs and usage data to:

• Understand how our site is used
• Improve user experience and site performance
• Identify and fix technical issues

Security and Operations

We use IP addresses and server logs to:

• Protect against abuse and security threats
• Debug technical problems
• Maintain system stability

Future Communications (with your consent)

We may use your email address to:

• Send updates about our upcoming app
• Notify you about new features or services

Legal Basis for Processing

We process your personal data based on:

• Contract Performance - Account management and chat services are necessary to provide our service
• Legitimate Interests - Analytics, security monitoring, and system administration
• Consent - Email marketing and communications (when you opt in)

Data Sharing and Third Parties

Anthropic

Your chat messages are sent to Anthropic's API to generate AI responses. Anthropic processes this data according to their privacy policy and data processing agreement. We do not control how Anthropic processes your data beyond our service requirements.

Google Authentication

If you sign in with Google, your authentication is processed by Google according to their privacy policy. We only receive basic profile information necessary for account creation.

No Other Sharing

We do not sell, rent, or share your personal information with any other third parties except as described above or as required by law.

Data Retention

• Chat messages - Automatically deleted after 60 days
• Account information - Retained while your account is active, plus 30 days after account deletion
• Analytics data - Retained for up to 2 years
• Server logs - Automatically deleted after 90 days
• Email marketing data - Retained until you unsubscribe, plus 3 years for compliance records

Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you, including:

• Your account information
• Chat message history
• Analytics data associated with your sessions

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data. We will comply unless we have a legal obligation to retain certain information.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request that we provide your personal data in a structured, machine-readable format.

Right to Object

You can object to our processing of your personal data based on legitimate interests.

Right to Withdraw Consent

For any processing based on consent (like email marketing), you can withdraw your consent at any time.

Cookies and Tracking

Essential Cookies

We use essential cookies for:

• Maintaining your login session
• Security protection (CSRF tokens)
• Basic site functionality

Analytics

We use self-hosted Umami analytics software that:

• Does not track you across other websites
• Does not use invasive tracking methods
• Respects "Do Not Track" browser settings
• Does not require cookie consent under GDPR

We do not use Google Analytics or other third-party tracking services.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security updates and monitoring
• Access controls and authentication
• Secure hosting infrastructure

International Data Transfers

Your data may be processed in countries outside the European Union. When this occurs, we ensure appropriate safeguards are in place through:

• Adequacy decisions by the European Commission
• Standard contractual clauses
• Data processing agreements with third parties

Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification (if you have an account)
• Updating the "Last Updated" date at the top of this policy

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: ben@gazebo.fyi
Subject Line: Privacy Policy Inquiry

For data protection requests, please include:

• Your account email address
• Specific request (access, deletion, correction, etc.)
• Any relevant details to help us process your request

We will respond to your request within 30 days as required by GDPR.

This Privacy Policy is effective as of the date listed above and applies to all users of our website and service.