Privacy Policy

Last updated: 26 April 2026.

This site (denis.app) is run by Denis Kalinichenko, a freelance Product Engineer based in Poland. I'm the data controller under GDPR. Contact: [email protected].

This page is plain language. If anything here is unclear, email me.

What I collect

When you load any page. Vercel Analytics records the page you viewed, your country (region-level, not city), the device class, and the referring site. It is cookieless and pseudonymous — no cross-site tracking, no profile built about you. You can opt out at the operating-system level via "Do Not Track" or browser tracking-protection settings.

When you use the /cli shell. Each prompt you send and the model's reply are stored as a transcript so I can review the conversation, refine the persona, and detect abuse. I save:

  • A salted hash of your IP address.
  • Your User-Agent string (browser/device identifier).
  • The prompt and reply text.
  • A session ID generated in your browser at session start.

On your device. The site stores a denis-theme key in your browser's localStorage to remember your light/dark theme choice. It never leaves your browser.

Nothing else. No tracking cookies. No advertising networks. No fingerprinting. No data sold to anyone.

Why I collect it

  • Analytics: to see which pages people read.
  • Transcripts: to keep the AI shell honest and improve the persona over time.
  • IP hash: to enforce per-visitor rate limits and block abusive traffic.
  • Theme key: so the site looks the same when you come back.

Who else processes it

  • Anthropic (US) — your /cli prompts are sent to the Claude API to generate replies. Anthropic processes them under their own privacy and usage terms.
  • Upstash (US/EU, via the Vercel Marketplace) — hosts the Redis store for rate-limit counters and transcripts.
  • Vercel (US) — hosts the site, the API function, and the analytics pixel.
  • Cloudflare — sits in front of DNS and the CDN edge.

These processors are US-based, so your data may be transferred there. Each one operates under Standard Contractual Clauses — the GDPR-recognised safeguard for cross-border transfers — and I rely on those.

I don't share your data with anyone else, and I don't sell it.

How long I keep it

  • Transcripts: indefinitely, but small in volume — manually pruned when stale or sensitive.
  • Rate-limit counters: 1 to 24 hours, then auto-expired.
  • Analytics: per Vercel's retention (typically up to 30 days for raw events, longer for aggregates).

Your rights under GDPR

You can ask me to access, correct, or delete data tied to you. Email [email protected] with whatever context you have (approximate session ID, date and time, IP if you remember it). I'll respond within 30 days.

Children

The site isn't aimed at children under 16, and I don't knowingly collect data from them.

Changes

If I change this policy in any meaningful way, I'll update the "Last updated" date at the top. Material changes get a footer note for at least 30 days.