Privacy Policy
Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights regarding your personal information.
Data We Collect
When you use the AI Irreplaceability Protocol, we collect: your email address and name (when you register), your quiz answers and scores, your protocol intake responses, and standard usage analytics (pages viewed, time on site).
How We Use Your Data
We use your data exclusively to: generate your personalized AI vulnerability assessment, create your Oracle report and Protocol, track your progress, and improve the quality of our recommendations. We never sell your personal data to third parties.
AI Processing
Your quiz answers and intake responses are processed by AI models to generate personalized reports. This data is used solely for generating your specific outputs and is not used to train AI models.
Data Storage
Your data is stored securely using industry-standard encryption. We use Cloudflare infrastructure for hosting and data processing. You can request deletion of your data at any time by contacting us.
Cookies
We use essential cookies for authentication (session management) only. Our analytics provider, Plausible, is cookieless and stores no personal data — no analytics cookies are set. Essential cookies cannot be disabled without losing the ability to sign in. If you accept the optional Analytics category in our cookie banner, we also store a random, non-identifying id in your browser's local storage to enable the anonymous quiz analytics described below; declining that category disables it entirely.
Anonymous Quiz Analytics
The free AI-exposure quiz is scored entirely in your browser. If — and only if — you accept the optional Analytics cookie category, we additionally store your anonymous quiz submission on our servers to understand and improve the funnel. We store your quizanswers, score, and result band, a random anonymous id (a UUID held in your browser, containing no personal data), and the interface language. We donot store your IP address, device, browser user-agent, name, or email with these records. If you later create an account, these anonymous attempts are linked to it so your history is complete, and you can access or delete them like any other account data. The legal basis is your consent (GDPR Art. 6(1)(a)), which you can withdraw at any time via the cookie settings. Anonymous attempts that are never linked to an account are automatically deleted after 180 days.
Data Controller
Kindl Dávid e.v. (sole proprietor, registered in Hungary), operating the WhatsMyEdge service at whatsmyedge.com. Contact: privacy@whatsmyedge.com.
Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Art. 6):
- Contract performance (Art. 6(1)(b)): Account creation, quiz scoring, Oracle and Protocol generation, and PDF delivery — data is processed because you requested these services.
- Legitimate interest (Art. 6(1)(f)): Service delivery, security monitoring, fraud prevention, and platform improvement.
- Consent (Art. 6(1)(a)): Marketing and nurture emails, and anonymous quiz analytics — you may withdraw consent at any time from your account settings, the cookie settings, or via the unsubscribe link in any email.
Third-Party Processors
We share data with the following processors, each bound by a Data Processing Agreement:
- Cloudflare (US / EU): Hosting, CDN, and D1 database. EU data is stored in the WEUR region.Cloudflare DPA.
- Stripe (US / EU): Payment processing. Stripe processes billing data under their own GDPR obligations. Stripe DPA.
- Resend (US): Transactional email delivery (verification, receipts, document delivery). Resend DPA.
- Anthropic (US): AI model inference for Oracle and Protocol generation. Your intake responses are sent to Anthropic's API and are not used to train models.Anthropic Privacy.
- Plausible Analytics (EU): Privacy-friendly, cookieless analytics. No personal data or IP addresses are stored.Plausible Privacy.
Data Retention
We retain your data for the following periods:
- Account data: Kept until you request deletion. Soft-deleted immediately on request; permanently purged after 30 days.
- Generated documents (Oracle, Protocol): Retained for 2 years from generation date, or until account deletion, whichever comes first.
- Analytics data: Anonymized at collection by Plausible — no individual-level data is retained.
- Anonymous quiz attempts: Consent-based and pseudonymous (random id, no IP/email). Deleted after 180 days unless linked to an account, in which case they follow your account-data retention.
- Email logs: Delivery metadata retained for 90 days for troubleshooting.
Your Rights
Under GDPR you have the right to: access your data, correct inaccurate data, erase your account and all associated data (right to erasure), restrict processing, and port your data to another service. You can export your data or delete your account at any time fromyour settings page. To exercise any right, contact privacy@whatsmyedge.com.
Right to Lodge a Complaint
You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) atnaih.hu. We encourage you to contact us first so we can address your concern directly.
Contact
For privacy-related questions, contact us at privacy@whatsmyedge.com.