Privacy Policy

This policy explains what personal data is collected when you use griban.dev and how it is handled. Ruslan Griban, operating as an individual entrepreneur based in Zhytomyr, Ukraine, is the data controller. For any data-protection matter contact [email protected].

From the **brief form**: your name, company, email, project type, description, selected features, timeline, budget range, additional details, and your consent confirmation with timestamp and version. Automatically on submission: IP address (for rate-limiting and abuse prevention, truncated to /24 after 30 days). From general site usage: standard server logs (page, user agent, referrer, timestamp) retained for 14 days and aggregated analytics events if Google Analytics is enabled. From error monitoring: stack traces and request context collected by Sentry for 90 days to diagnose production issues.

Delivering the service requires the following third-party processors. Each is bound by its own data-processing agreement and contractual confidentiality. • **Anthropic** — LLM inference for AI features. Default retention of prompts and completions is 30 days. Zero Data Retention is available on request for clients on a commercial plan. Anthropic is SOC 2 Type II, ISO 27001, and ISO 42001 certified; their Data Processing Addendum is auto-incorporated with commercial terms and includes EU Standard Contractual Clauses. • **Telegram** — receives a notification when a brief is submitted (name, email, message excerpt) so I can respond quickly. No session data or LLM conversation content is sent to Telegram. • **Google Analytics** — if enabled on your visit, aggregates anonymous usage metrics. • **Sentry** — error monitoring with 90-day retention. • **Dokploy / Hetzner** — hosting infrastructure for this site.

Brief submissions are retained for 24 months from the date of submission and then purged unless an active engagement requires longer retention (in which case retention is governed by the service agreement). Server logs are retained for 14 days. Sentry error records are retained for 90 days. Anthropic API retention is 30 days by default (client-controlled when you bring your own API key) or zero when a Zero Data Retention agreement is in place. Analytics data is aggregated and not personally identifiable after processing.

Under GDPR and comparable regimes you have the right to access your personal data, request correction, request erasure, object to processing, and request portability of the data you provided. To exercise any of these rights, email [email protected]. I respond within 30 days. If you believe your rights have been violated, you may lodge a complaint with your local supervisory authority.

Personal data submitted via the brief form is processed on the basis of **pre-contractual necessity** (GDPR Art. 6(1)(b)) — I need it to respond to your inquiry and, if we proceed, to prepare a service agreement. Server logs, rate limits, and error monitoring are processed on the basis of **legitimate interest** (GDPR Art. 6(1)(f)) in securing the service against abuse and maintaining it in working order. Analytics are processed on the basis of **consent** (GDPR Art. 6(1)(a)) where applicable and only if analytics cookies are accepted.

In the event of a personal-data breach likely to result in a risk to your rights and freedoms, I notify affected individuals and the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Art. 33–34. The notification describes the nature of the breach, the data affected, the measures taken, and the contact point for more information.

griban.dev uses only essential cookies required for the site to function (theme preference, locale selection). No advertising or cross-site tracking cookies are set. If analytics cookies are used, they are set only after affirmative consent and can be withdrawn at any time by clearing your browser storage for this site.

This policy may be updated to reflect changes in the service, the sub-processor list, or applicable law. The effective date of the current version is shown at the top of this page. Active clients are notified by email for material changes. Continued use of the site after posted changes constitutes acceptance of the revised policy.