GDPR & Data Protection
Document Version: 1.0 | Last Updated: February 28, 2025 | Applies To: Pruneify
1. Data Controller Identity
The data controller is [PLACEHOLDER: Legal entity name], with its registered address at [PLACEHOLDER: Full address]. Contact: [PLACEHOLDER: Contact email].
2. Data Protection Officer
We have not designated a Data Protection Officer (DPO) as our processing does not meet the thresholds requiring one under GDPR Article 37. If you have data protection concerns, contact us at [PLACEHOLDER: Contact email].
3. Legal Bases Table
Processing activities, data types, legal bases, and retention:
| Purpose | Data Type | Legal Basis (Art. 6) | Retention |
|---|---|---|---|
| Process contact inquiries | Name, email, message, inquiry type | Consent | As long as Discord retains; no separate storage |
| Restore user preferences | Settings (sensitivity, toggles, presets) | Legitimate interest | Until user clears localStorage |
| Restore session / provide history | Session inputs, history (rawText, outputText, summary) | Legitimate interest | Until user clears localStorage / IndexedDB |
| Operate and secure the service | IP, user agent, path (hosting logs) | Legitimate interest | Per hosting provider policy |
4. Your Rights Under GDPR
You have the following rights (Articles 15–22):
- Right of access (Art. 15): Request a copy of your personal data. Contact us at [PLACEHOLDER: Contact email]. For browser-stored data (preferences, session, history), you can inspect and clear it via your browser.
- Right to rectification (Art. 16): Request correction of inaccurate data. Contact us for contact form data; for browser storage, clear and re-enter.
- Right to erasure (Art. 17): Request deletion of your data. Contact us for data we hold. For browser storage, clear site data in your browser settings.
- Right to restrict processing (Art. 18): Request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. Contact form data can be exported on request.
- Right to object (Art. 21): Object to processing based on legitimate interest. Contact us to exercise this right.
- Right to withdraw consent (Art. 7): Where processing is based on consent (e.g., contact form), you may withdraw consent at any time. Withdrawal does not affect processing before withdrawal.
To exercise any right, email [PLACEHOLDER: Contact email]. We will respond within one month.
5. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your EU/EEA country. For example: UK – ICO; France – CNIL; Germany – BfDI. Find your authority: EDPB members.
6. Automated Decision-Making & Profiling
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. The AI-likeness score is a heuristic output for your information only; we do not use it to make automated decisions about you.
7. Data Breach Response
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, where required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will inform you without undue delay per Article 34.
8. Cross-Border Transfer Safeguards
Contact form data is sent to Discord in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) or other adequacy mechanisms where applicable. Your browser-stored data (preferences, session, history) never leaves your device and is not transferred to us or any third party.
9. Cookie & Local Storage Consent
Pruneify uses localStorage and IndexedDB for essential functionality (preferences, session restore, history). This storage is strictly necessary to provide the service. Under ePrivacy and GDPR, such storage does not require prior consent. We do not use marketing or analytics cookies. See our Cookie Policy for details.
10. Record of Processing Activities (Summary)
A user-facing summary of our processing activities:
- Contact form: Collects name, email, message, type; sends to Discord webhook; used to respond to inquiries; retained by Discord per its policy.
- Browser storage: Preferences, session inputs, history stored locally; we do not access this data; retained until user clears.
- Hosting logs: IP, user agent, path; collected by hosting provider; used for security and operation; retained per provider policy.