Privacy Policy — chat.parkins.ai

1. Data Controller

The data controller for chat.parkins.ai is Graham Parkins. If you have any questions about this policy or how your data is handled, please contact: graham@parkins.info.

2. What Data We Collect

We collect the following categories of personal data:

Account data — your name, email address, and Google profile picture, obtained during sign-in via Google OAuth.
Conversation content — messages, images, documents, and other media that you send or receive through the service.
Technical data — IP address, browser type and version, and session cookies necessary for authentication.

3. How We Collect It

We collect your account data when you sign in using Google OAuth. Your Google profile data (name, email, profile picture) is provided by Google as part of the sign-in process. Conversation content is collected as you use the chat interface. Technical data is collected automatically when your browser connects to our servers.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Legitimate interests (UK GDPR Article 6(1)(f)) — providing and securing a private family communication service. Our legitimate interest does not override your rights and freedoms.
Consent (UK GDPR Article 6(1)(a)) — by signing in with Google, you consent to the collection and use of your Google profile data for the purposes described here.

5. How We Use Your Data

To authenticate you and maintain your session.
To display your name and avatar within the service.
To store and deliver your messages to other members of the service.
To keep the service secure and prevent unauthorised access.

We do not use your data for advertising, profiling, or any commercial purpose.

6. Data Sharing

We do not sell your personal data. We do not share your data with third parties except as described below:

Google — receives data during the sign-in process per Google's Privacy Policy.
Cloudflare — processes data as our infrastructure provider. Cloudflare's privacy practices are described in their Privacy Policy.

7. Data Retention

Conversation messages are retained while the service is active.
Session cookies expire after 7 days of inactivity.
You may request deletion of your data at any time by contacting the data controller.

8. Your Rights

Under UK GDPR (Articles 15–22), you have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your personal data ("right to be forgotten").
Restriction — request that we restrict processing of your data in certain circumstances.
Data portability — receive your data in a structured, machine-readable format.
Object — object to processing based on legitimate interests.

To exercise any of these rights, please contact graham@parkins.info. We will respond within one month.

9. Cookies

We use one cookie:

session — an HttpOnly, Secure session cookie with a 7-day expiry. It is essential for authentication and cannot be disabled without losing access to the service.

We do not use tracking, analytics, or advertising cookies.

10. International Transfers

Cloudflare may process and store data on servers located outside the United Kingdom and the European Economic Area. Cloudflare uses Standard Contractual Clauses approved by the UK Information Commissioner's Office and the European Commission to ensure adequate protection for such transfers.

11. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact and Complaints

For any privacy-related queries, contact graham@parkins.info.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.