Service Overview
This Privacy Policy applies specifically to the AI Assistant service at ai.brianfending.com, a session-based AI chat application designed to provide information about Brian Fending's professional background and experience.
Contact Information
Data Controller: Brian Fending
Email: hello@brianfending.com
Primary Website: brianfending.com
For all privacy-related inquiries, data subject requests, or concerns, please contact: hello@brianfending.com
Information We Collect
Information You Provide
- Email address (required for session access and queue management)
- Chat messages (all questions, responses, and interactions during sessions)
- Feedback (optional ratings or comments about service quality)
Automatically Collected Information
- Session data: Session duration, timestamps, queue position, activity logs
- Technical information: IP address, browser type, device information, access times
- Usage analytics: Interaction patterns, response times, feature usage statistics
- AI metrics: Response quality scores, conversation categorization, training effectiveness
- Security data: Rate limiting logs, authentication attempts, abuse prevention metrics
Cookies and Tracking Technologies
- Essential cookies: Session management and basic functionality
- Preference cookies: User settings (dark mode, language preferences)
- Analytics cookies: Usage analysis and performance monitoring
- Security cookies: Rate limiting and abuse prevention
How We Use Your Information
Primary Service Functions
- AI responses: Providing personalized information about Brian Fending's professional background
- Session management: Operating queue system, managing 60-minute session limits
- Access control: Email-based authentication and session notifications
- Queue management: Position tracking, wait time estimates, capacity control
Service Improvement and Training
- AI model training: Using conversations to improve response quality and accuracy
- Knowledge base enhancement: Extracting insights to better answer future questions
- Performance optimization: Analyzing usage patterns to optimize system performance
- Feature development: Understanding user needs to develop new capabilities
Business and Analytics
- Usage analytics: Understanding service adoption and user behavior
- Cost monitoring: Tracking AI API usage and operational costs
- Quality assurance: Monitoring conversation quality and user satisfaction
- Research and development: Advancing AI assistant capabilities
Legal Basis for Processing (GDPR)
- Consent: Email submission for service access, conversation participation
- Legitimate interest: Service improvement, security monitoring, performance analytics
- Contract performance: Delivering requested AI assistant services
- Legal obligations: Compliance with applicable laws and regulations
Ownership and Rights to Submitted Content
Content Ownership Transfer
By using this AI assistant service, you acknowledge and agree that:
- Full ownership transfer: All messages, questions, and content you submit become the exclusive property of Brian Fending
- Unlimited usage rights: You grant Brian Fending unlimited, perpetual, worldwide, royalty-free rights to use, modify, reproduce, distribute, and create derivative works from your submitted content
- Commercial applications: Your content may be used for AI model training, business development, marketing, research, or any other commercial purpose
- Waiver of attribution: You waive any moral rights, attribution claims, or authorship rights to submitted content
- No compensation: You are not entitled to any compensation for the use of your submitted content
AI-Generated Content
- Exclusive ownership: All AI-generated responses are the exclusive property of Brian Fending
- No user rights: Users receive no ownership rights in AI-generated content
- Unlimited reuse: AI responses may be reused, republished, modified, or incorporated into other materials without attribution
Conversation Data
- Complete ownership: Entire conversation logs, including both user input and AI responses, belong to Brian Fending
- Business use rights: Conversations may be analyzed, shared with business partners, used in marketing materials, or published as case studies
- Research applications: Anonymized or de-identified conversation data may be used in research, academic publications, or industry presentations
- Training data: All conversations contribute to AI model improvement and training datasets
Data Storage and Processing
Storage Infrastructure
- Database: Supabase (PostgreSQL, US-based)
- Application hosting: Vercel (US-based, global CDN)
- AI processing: Anthropic Claude API (US-based)
- Email services: Postmark (US-based)
- Analytics: Internal logging systems
Data Retention Periods
| Data Type | Retention Period | Purpose |
|---|
| AI conversations | Indefinite | AI training, service improvement |
| Session metadata | 7 years | Operational analysis, compliance |
| Email addresses | Until removal requested | Access management |
| Technical logs | 30 days | Security, troubleshooting |
| Analytics data | 5 years | Business intelligence |
| Rate limiting data | 30 days | Abuse prevention |
Security Measures
- Encryption: HTTPS/TLS for all data transmission, encryption at rest
- Access controls: Role-based authentication, admin verification
- Rate limiting: Multi-layer protection against abuse (IP and email-based)
- Monitoring: Continuous security monitoring and incident response
- Infrastructure security: Enterprise-grade hosting with SOC 2 compliance
- Data minimization: Collecting only necessary information for service operation
International Data Transfers
Your information is processed primarily in the United States through our service providers including Supabase, Vercel, Anthropic, and Postmark. Data may also be processed in other countries where our service providers operate.
Transfer Safeguards
For EU/UK Data Subjects:
- Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with all processors
- Supplementary measures: Additional technical and organizational safeguards
- Transfer assessments: Regular evaluation of transfer mechanisms and legal frameworks
Technical Safeguards:
- End-to-end encryption for data transmission
- Encrypted storage of personal data
- Access logging and monitoring
- Regular security assessments
Data Sharing and Disclosure
Service Providers
We share information with essential service providers:
- Supabase: Database hosting and management
- Vercel: Application hosting and content delivery
- Anthropic: AI model processing (Claude API)
- Postmark: Email delivery services
Business Purposes
Your conversations and data may be used for:
- Case studies: Demonstrating AI assistant capabilities (anonymized)
- Training data: Improving AI models and response quality
- Marketing materials: Showcasing service effectiveness
- Research and development: Advancing AI technology
- Business partnerships: Collaborations with technology providers
- Academic research: Contributing to AI and natural language processing research
Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process, subpoenas, or court orders
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Enforce our service policies and prevent abuse
Your Rights Under Data Privacy Laws
Universal Rights (All Users)
- Information access: Know what personal information we collect and how it's used
- Data access: Request access to your personal information
- Correction rights: Request correction of inaccurate information
- Limited deletion: Request deletion of your email address and session metadata
- Communication opt-out: Unsubscribe from optional communications
GDPR Rights (EU/UK Residents)
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Limited deletion rights (see limitations below)
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in portable format
- Right to object: Object to processing based on legitimate interests
CCPA Rights (California Residents)
- Right to know: Categories and specific pieces of personal information collected
- Right to delete: Limited deletion rights (see limitations below)
- Right to opt-out: We don't sell personal information
- Right to non-discrimination: Equal service regardless of privacy choices
Important Limitations on Rights
Conversation Data Limitations:
- AI training integration: Submitted conversations cannot be deleted after being processed into AI training systems
- Technical impossibility: Trained AI models cannot have specific data extracted or removed
- Legitimate business interests: Indefinite retention justified for service improvement and business operations
- Intellectual property protection: Training methodologies and model improvements are trade secrets
What CAN be deleted:
- Your email address from our access control system
- Session metadata and technical logs
- Analytics data tied to your identity
What CANNOT be deleted:
- Conversation content already integrated into AI training
- Anonymized or aggregated data derived from your interactions
- Data required for legal compliance or business operations
AI-Specific Privacy Considerations
AI Training and Model Development
- Training data integration: Your conversations become part of the AI's training dataset
- Model improvement: Your interactions help improve response quality for all users
- Knowledge extraction: Information from conversations may be extracted into structured knowledge bases
- Pattern analysis: Conversation patterns inform AI development and optimization
AI Content Generation
- Response generation: AI responses are generated based on your questions and conversation context
- Personalization: Responses may be tailored based on conversation history within your session
- Cross-session learning: Improvements from your conversations may benefit other users
- Quality scoring: AI responses are analyzed for quality and accuracy
Data Flow to AI Providers
- API processing: Your messages are sent to Anthropic's Claude API for processing
- Context sharing: Conversation history and knowledge base context are included in API calls
- Third-party policies: Anthropic's data usage policies also apply to your interactions
- Provider changes: We may change AI providers, and your data may be processed by different systems
Service-Specific Features
Queue and Session Management
- Email-based access: Sessions require email verification
- Queue position tracking: Real-time updates on wait times and position
- Session limits: 60-minute active sessions with automatic cleanup
- Capacity management: System supports concurrent users with queue overflow
Rate Limiting and Security
- IP-based limits: Protection against automated abuse
- Email-based limits: Preventing spam and overuse
- reCAPTCHA integration: Human verification for session requests
- Disposable email blocking: Prevention of temporary email address abuse
Admin Analytics
- Usage monitoring: Tracking system performance and user engagement
- Quality assessment: Analyzing conversation quality and AI performance
- Cost tracking: Monitoring API usage and operational expenses
- Training curation: Selecting high-quality conversations for model improvement
Third-Party Services
Supabase (Database)
- Services: PostgreSQL database, authentication, real-time subscriptions
- Data stored: All conversation data, session information, user emails
- Privacy policy: https://supabase.com/privacy
Anthropic (AI Processing)
- Services: Claude AI model API for generating responses
- Data shared: Your questions, conversation history, knowledge base context
- Privacy policy: https://www.anthropic.com/privacy
Vercel (Hosting)
Postmark (Email)
How to Exercise Your Rights
Making Requests
Submit all privacy requests to: hello@brianfending.com
Include:
- Your full name and email address used with the service
- Specific right you wish to exercise
- Approximate dates of service usage
- Any specific conversations or sessions you're referencing
Request Processing
- Acknowledgment: Within 5 business days
- Response time: Within 30 days (may extend to 60 days for complex requests)
- Verification: We may request additional information to verify your identity
- Free service: Most requests processed at no charge
AI Service Disclaimers
AI-Generated Content Limitations
- Experimental technology: AI responses may be unpredictable or inaccurate
- Hallucination risk: AI may generate plausible but false information
- Not professional advice: Responses should not be considered professional guidance
- Verification required: Always verify AI-generated information independently
Service Availability
- No guarantees: Service provided "as is" without availability warranties
- Feature changes: Service features may be modified or discontinued
- Capacity limits: Access may be restricted during high demand
- Maintenance downtime: Scheduled and emergency maintenance may interrupt service
Children's Privacy
This service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will delete it promptly.
Changes to This Policy
We may update this privacy policy to reflect:
- Changes in service features or AI capabilities
- Changes in applicable privacy laws
- Updates to our data practices
- New third-party integrations
Notification methods:
- Prominent notice on the service website
- Email notification for material changes (where possible)
- Updated effective date
Regulatory Contacts
Filing Complaints
If your privacy concerns aren't adequately addressed, you may contact:
EU/UK Residents:
- Your local data protection authority
- UK: Information Commissioner's Office (ICO) - https://ico.org.uk
California Residents:
- California Attorney General's Office - privacy@oag.ca.gov
Contact Information
For all privacy-related questions or requests:
Email: hello@brianfending.com
Subject Line: "Privacy Request - AI Assistant"
We are committed to protecting your privacy and will respond to all inquiries promptly and professionally.
This privacy policy applies specifically to the AI Assistant service at ai.brianfending.com. Last updated January 27, 2025.