GOFIAN AI
Legal

Privacy

Last updated: 5 mai 2026.

Data collected

GOFIAN AI processes only the data strictly required for the service to function: email address, name, hashed password (NextAuth), cookie consent, and — for registered users — interactions with the prompt library (likes, favorites, submitted proposals).

Purposes

  • Authentication and user account management

  • Anonymized audience measurement (Google Analytics 4) if you consent via the cookie banner

  • Management of user-submitted prompt proposals (moderation, archival)

  • Transactional communications (welcome email, moderation notifications)

Legal basis

Processing relies on your consent (GDPR Art. 6.1.a) for non-essential cookies and signup, and on legitimate interest (GDPR Art. 6.1.f) for security and fraud prevention.

Retention period

  • User account: as long as the account is active, deleted on request

  • Connection logs: 12 months

  • Analytics cookies (_ga): 13 months maximum

  • Consent records: kept append-only as GDPR proof

Hosting and location

Data hosted in Frankfurt (UE) — données stockées exclusivement dans l'Union Européenne. Media stored on Cloudflare R2, "eu" jurisdiction. No primary-data transfers outside the EU.

Your rights

Under GDPR you have rights of access, rectification, erasure, portability, restriction and objection. To exercise them, contact philippe.marechal@tcmi.be.

You may also lodge a complaint with the Belgian Data Protection Authority (APD/GBA).

Third-party processors

  • Render Inc. (hosting, USA — DPA signed, EU region)

  • Cloudflare R2 (media storage, EU jurisdiction)

  • Resend (transactional email delivery)

  • Google Analytics 4 (anonymized audience measurement, consent required)

Contact

Data controller: Philippe Maréchal — philippe.marechal@tcmi.be.