Skip to content
Policies FAQ Research About Our AI Policy
Adoption Spec For Developers Prompt Pack Branding Checker
Forum Contribute Support
Log In Register

Privacy Policy

Last updated: February 2026. This privacy policy describes how aipolicy.fyi collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR).

Data Controller

Today is Life GmbH
Randstr. 1, 22525 Hamburg, Germany
Email: hello@aipolicy.fyi

User Account

When you register for an account on aipolicy.fyi, we collect and store the following data:

  • Name: Your display name as provided during registration.
  • Email address: Used for login, notifications, and account recovery.
  • Password: Stored securely using bcrypt hashing (we never store your password in plain text).
  • Avatar URL: Your profile picture (either uploaded or provided by an OAuth provider).
  • Timestamps: Account creation date and last update date.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR) -- processing is necessary to provide you with the account service you requested.

You can delete your account at any time from your profile settings. After deletion, your data enters a 30-day grace period during which you can request reactivation. After 30 days, all personal data is permanently and irreversibly erased.

You can export all your personal data in JSON format from your profile settings at any time (data portability, Art. 20 GDPR).

OAuth Providers (GitHub & Google)

You can sign in using GitHub or Google. When you authenticate via an OAuth provider, we receive and store the following data:

  • Name: Your public display name from the OAuth provider.
  • Email address: Your primary email address from the OAuth provider.
  • Avatar URL: Your profile picture from the OAuth provider.
  • Provider ID: A unique identifier assigned by the OAuth provider (not your password or access token).

We do not receive or store your password from any OAuth provider. We only request the minimum necessary scopes (profile and email). The OAuth provider's own privacy policy applies to data they process.

Legal basis: Your consent (Art. 6(1)(a) GDPR) -- you actively choose to sign in via an OAuth provider.

Community Forum

Our community forum is available at forum.aipolicy.fyi and is powered by Flarum. The forum operates as a separate application with its own database.

Single Sign-On (SSO) via OAuth2 is used to connect your aipolicy.fyi account with the forum. When you log in to the forum, your name, email, and avatar are shared with the forum application.

Forum posts, discussions, and other content you create on the forum are stored in the forum's separate database.

Legal basis: Your consent (Art. 6(1)(a) GDPR) -- you actively choose to participate in the forum.

To delete your forum data, contact us at hello@aipolicy.fyi. Deleting your aipolicy.fyi account does not automatically delete forum data.

Cookie Settings

This website uses a cookie consent banner that allows you to control which cookies are set. We use the following cookie categories and strictly necessary guard cookies:

  • Necessary cookies: Required for basic website functionality (session management, CSRF protection). These cannot be disabled. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
  • Feedback guard cookie: When you submit the Prompt Pack feedback survey, we set a strictly necessary cookie for 24 hours to limit duplicate submissions. The cookie stores only a timestamp, not plain personal data or a user ID. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
  • Functional cookies: Enable enhanced functionality such as language preferences and theme settings. Legal basis: Your consent (Art. 6(1)(a) GDPR).
  • Analytical cookies: Help us understand how visitors use the website. Currently no analytics service is active; this category is reserved for future use. Legal basis: Your consent (Art. 6(1)(a) GDPR).

Your cookie consent choice is logged server-side with an anonymized IP address (last octet set to 0) for accountability purposes (Art. 5(2) GDPR). You can change your cookie preferences at any time by clicking the cookie settings link in the footer.

Analytics

This website currently does not use any analytics services. We do not track page views, user behavior, or any other metrics. No data is sent to third-party analytics providers. Should this change in the future, it will only be activated with your explicit consent via the cookie banner.

Third-Party Services

Apart from the OAuth providers described above (GitHub, Google) and the forum application, this website does not embed or load any other third-party services. No external fonts, no CDN-hosted scripts, no social media widgets. All other resources are served from our own infrastructure.

Newsletter

If you subscribe to our newsletter, we collect only your email address.

  • We use double opt-in: you must confirm your subscription via email.
  • Your email is stored in our own database (not shared with third parties).
  • You can unsubscribe at any time by clicking the link in each email.
  • You can request deletion of your data by emailing hello@aipolicy.fyi.
  • Legal basis: Your consent (Art. 6(1)(a) GDPR).

Server Logs

Our web server automatically collects standard access logs including IP address, timestamp, requested URL, HTTP status code, and user agent. These logs are retained for a maximum of 30 days for security and operational purposes (Art. 6(1)(f) GDPR).

Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at hello@aipolicy.fyi.