Privacy Policy
This policy explains what personal data we process when you use askan.ai, on what legal basis, and what rights you have under the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for data processing on this website is:
Email: contact @ askan.ai
2. Data we process
- Your questions. The text of your question is transmitted to the OpenAI API (OpenAI, USA) to generate an answer and is stored by us. Please do not enter any personal data, and in particular no special categories of personal data within the meaning of Art. 9 GDPR (e.g. health, religious or sexual-life data). Inputs containing email addresses or phone numbers are rejected automatically. OpenAI states it may retain API inputs for up to 30 days for abuse monitoring. High-quality answers may be published as public pages.
- IP addresses. We do not store your IP address in clear text. For abuse prevention (rate limiting) we process only a keyed cryptographic hash (HMAC) from which the IP cannot be reconstructed.
- Cookies. We set exactly one strictly necessary cookie (CSRF protection). No tracking or advertising cookies beyond the analytics described below.
- Bot protection. To protect the question form we use Cloudflare Turnstile (Cloudflare, Inc., USA). Technical data may be processed for abuse detection.
- Analytics. We use Google Analytics 4 (Google Ireland Ltd.) with IP anonymisation enabled to understand aggregate usage. Google may transfer data to the USA. You can prevent analytics tracking with a browser add-on (Google Analytics Opt-out) or by blocking the script.
- Server & CDN. The site is delivered via the Cloudflare CDN (reverse proxy). Technical server logs (requested page, timestamp, status code, request ID) are stored briefly for error analysis and security.
3. Legal bases
Art. 6(1)(b) GDPR (performance of the service you request), Art. 6(1)(f) GDPR (legitimate interest in the security and abuse-prevention of the service) and, where analytics cookies require it, Art. 6(1)(a) GDPR (your consent).
4. International data transfers
To provide the service, data is transferred to service providers in the USA (OpenAI, Google, Cloudflare). These transfers are based on the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework. Details: OpenAI, Google, Cloudflare.
5. Retention
Question logs that do not become published content are deleted after at most 90 days. Published articles remain until they are editorially removed. Technical logs are kept only for a short period.
6. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and to object to processing (Art. 15–21 GDPR), and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at the address above.
7. Encryption
This site uses SSL/TLS encryption for all connections.
8. Changes
We may update this policy to reflect changes to the service or legal requirements. The current version always applies.