Privacy Policy
Last updated: [Date]
This Privacy Policy explains how [Your Organization Name] ("we," "us," or "our") collects, uses, and protects your information when you use the 1MinuteBrain service ("Service").
1. Data Controller
The data controller for information collected through this Service is:
[Your Organization Name]
[Your Address]
[your-email@example.com]
2. What Data We Collect
We collect the following data when you use the Service:
- Name — provided when you start a chat session
- Email address — provided when you sign up or start a chat session
- Phone number — if requested, provided when you start a chat session
- Chat messages — the full text of your questions and all AI-generated responses are recorded and stored
- Access tokens — unique tokens issued to authenticate your chat sessions
- IP addresses — collected automatically for security and rate-limiting purposes
- Session data — temporary authentication tokens to keep you logged in
3. How We Use Your Data
Your data is used for the following purposes:
- Providing the Service — processing your chat queries against the knowledge base and returning AI-generated answers
- Conversation review — the site operator may read and review your complete chat transcripts, including all messages you send and all AI responses. This is used for quality assurance, support, improving the knowledge base, and understanding what information users are seeking.
- Contact and follow-up — the site operator may use the name, email, and phone number you provide to contact you regarding your inquiry, provide additional information, or for legitimate business follow-up related to your use of the Service
- Security monitoring — detecting abuse, enforcing rate limits, and maintaining audit logs
- Service improvement — understanding usage patterns and conversation topics to improve the knowledge base and the Service
- Communications — sending updates if you opted in to marketing communications
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
4. Data Storage & Security
All data is stored on Cloudflare's global infrastructure, which provides:
- Database (D1) — structured data (accounts, sessions, audit logs) stored in Cloudflare's distributed SQL database
- Object storage (R2) — uploaded documents stored in Cloudflare's S3-compatible storage
- Encryption at rest — chat logs are encrypted using AES-256-GCM before storage
- Encryption in transit — all connections use TLS/HTTPS
- Password hashing — passwords are hashed with PBKDF2-SHA256 (10,000 iterations + random salt)
Personal data (names, email addresses, phone numbers) is stored separately from chat content in a different system. However, the site operator can view your personal data alongside your chat history for the purposes described in Section 3. Your data is never included in AI training data.
5. Data Retention
- Chat logs — retained for 90 days by default, then automatically deleted. This period is configurable by the site operator.
- Account data — retained for as long as your account is active, plus 30 days after deletion to allow recovery.
- Audit logs — retained for 12 months for security purposes.
- Marketing opt-in records — retained until you unsubscribe.
6. Cookies
We use only strictly necessary session cookies to maintain your authenticated session. We do not use:
- Third-party tracking cookies
- Analytics cookies
- Advertising cookies
No cookie consent banner is required because we only use essential cookies.
7. Third-Party Analytics & Tracking
We do not use any third-party analytics, tracking pixels, or advertising scripts. There are no external resources loaded that could track your behavior.
8. Sub-processors
We use the following sub-processor to operate the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Infrastructure: compute (Workers), database (D1), storage (R2), AI inference (Workers AI), vector search (Vectorize) | Global (edge network) |
No other third parties have access to your data.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate personal data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Portability — request your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Objection — object to processing of your data for specific purposes
- Complaint — lodge a complaint with your local data protection authority
To exercise any of these rights, contact us at [your-email@example.com]. We will respond within 30 days.
10. Children's Privacy
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
For material changes, we will make reasonable efforts to notify affected users (e.g., via email if you have opted in to communications).
12. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at:
[Your Organization Name]
[Your Address]
Email: [your-email@example.com]