Privacy Policy

Who is responsible for your data:

AI Deck is operated by AI Deck Team.

Contact Information:

• Email: privacy@aideck.io

• Legal inquiries: legal@aideck.io

Supervisory Authority:

If you are in the European Union and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

A list of EU Data Protection Authorities can be found at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

We collect minimal data necessary to provide our services:

Automatically Collected:

• Browser type and version

• Device type (desktop/mobile)

• Pages visited and time spent

• Referring website

• Anonymous usage analytics via Vercel Analytics

Voluntarily Provided:

• Email address (newsletter signup only)

• Search queries (not linked to identity)

We Do NOT Collect:

• Names or personal identifiers (unless you provide them)

• Payment information (we don't sell anything yet)

• Location data beyond country-level

• Social media profiles

We use collected data for the following purposes:

Analytics & Improvement:

• Understand which tools and content are most useful

• Improve site performance and user experience

• Identify and fix technical issues

Communication:

• Send newsletter updates (only if you subscribed)

• Respond to your inquiries

Legal Basis (GDPR Article 6):

• Consent: Newsletter subscription

• Legitimate Interest: Analytics and site improvement

• Contract: Providing our directory services

We use trusted third-party services:

**Vercel** (Hosting & Analytics)

• Hosts our website

• Provides anonymous analytics

• Privacy: vercel.com/legal/privacy-policy

**Supabase** (Database)

• Stores tool directory data

• Processes newsletter signups

• GDPR compliant, EU data residency available

• Privacy: supabase.com/privacy

We do NOT:

• Sell your data to third parties

• Share personal data with advertisers

• Use tracking pixels from social networks

Where Your Data May Be Processed:

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States.

Our Service Providers:

• **Vercel** (USA): Website hosting and analytics - certified under the EU-US Data Privacy Framework (DPF)

• **Supabase** (USA): Database services - implements Standard Contractual Clauses (SCCs) and DPF certification

Legal Safeguards:

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework certification

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Technical and organizational security measures

Your Rights:

You have the right to request information about the specific safeguards applied to your data transfers. Contact us at privacy@aideck.io for details.

Essential Cookies:

• Theme preference (light/dark mode)

• Cookie consent choice

Analytics Cookies:

• Vercel Analytics (anonymous, privacy-focused)

• No personal identifiers stored

We do NOT use:

• Third-party advertising cookies

• Social media tracking cookies

• Cross-site tracking

You can manage cookie preferences through your browser settings or our cookie banner.

We retain data only as long as necessary:

After these periods, data is automatically deleted or anonymized.

Under GDPR, you have the following rights:

**Right to Access** (Art. 15)

Request a copy of your personal data

**Right to Rectification** (Art. 16)

Correct inaccurate personal data

**Right to Erasure** (Art. 17)

Request deletion of your data ("Right to be Forgotten")

**Right to Restrict Processing** (Art. 18)

Limit how we use your data

**Right to Data Portability** (Art. 20)

Receive your data in a portable format

**Right to Object** (Art. 21)

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time (newsletter, cookies)

To exercise any right:

• **Submit a request:** Visit our [Data Subject Request Form](/dsr)

• **Email us:** privacy@aideck.io

We will respond within 30 days as required by GDPR.