// PRV PRIVACY POLICY

Privacy Policy

Effective date: June 10, 2026

This policy explains what personal data 403AI ("we", "us") collects, why, and the choices you have. It applies to 403ai.org.

Who we are

The data controller responsible for your personal data is 403AI, contactable at 403ai.org@gmail.com. For privacy questions or to exercise your rights, use that address.

What we collect and why

We collect only what each feature needs:

  • Newsletter — your email address, when you subscribe. Used to send the newsletter. Basis: your consent. You can unsubscribe at any time via the link in any email.
  • Account (sign-in) — if you create an account with GitHub or Google, we receive your name, email address, profile image, and a provider account identifier from that service. Used to authenticate you and maintain your account. Basis: performance of the service you requested. The public handle you choose is the only identity shown to others by default.
  • Profile (optional) — any fields you choose to add: display name, bio, and links (shown publicly); and role, company, and interests (kept private and visible only to us). Used to power your public profile and to help us understand our audience and potential engagements. Basis: your consent. All fields are optional.
  • Business inquiries — when you contact us through "Work with us", the details you submit (such as name, email, company, and your message). Used to respond to your inquiry and discuss potential work. Basis: your consent and steps taken at your request prior to any contract.
  • Analytics — aggregate, cookieless usage data via PostHog. It is not linked to your identity and uses no tracking cookies. Basis: our legitimate interest in understanding and improving the site.
  • Security and operation — your IP address and basic request metadata are processed transiently for rate-limiting and abuse prevention, and standard server logs are generated. Basis: our legitimate interest in keeping the service secure.

We do not collect a phone number unless you provide one at a later, clearly-labeled stage of a business engagement.

Cookies

We use only essential cookies — an authentication session cookie when you are signed in, and a security (CSRF) token. We do not use advertising or cross-site tracking cookies, and our analytics is cookieless.

How we share data

We do not sell your personal data. We share it only with service providers ("processors") that operate the site on our behalf:

  • Vercel — hosting
  • Neon — database storage
  • Resend — newsletter and transactional email delivery
  • Upstash — rate-limiting
  • PostHog — cookieless analytics
  • GitHub / Google — sign-in, if you choose to use them

Some of these providers are located in the United States. Where your data is transferred outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses.

How long we keep it

  • Newsletter email: until you unsubscribe.
  • Account and profile data: until you delete your account.
  • Business-inquiry data: as long as needed to respond and for a reasonable follow-up period.

You can delete your account and associated profile data yourself from your account settings.

Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to our use of your personal data, to data portability, and to withdraw consent at any time. You can also lodge a complaint with your local data-protection authority. To exercise any of these, use the account tools or contact us at 403ai.org@gmail.com. We will respond within the time required by applicable law.

Children

The site is not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

Changes

We may update this policy. Material changes will be posted here with a new effective date.

Contact

Questions about this policy or your data: 403ai.org@gmail.com.