Privacy Policy
Effective Date: May 15, 2025
Last Updated: July 27, 2025
Scope and Application
This Privacy Policy applies to all digital properties operated by Brian Fending, including:
- Main website: brianfending.com
- AI Assistant service: ai.brianfending.com
- All subdomains: *.brianfending.com
- Future services and applications hosted on these domains
Contact Information
Data Controller: Brian Fending
Email: hello@brianfending.com
Primary Website: brianfending.com
For all privacy-related inquiries, data subject requests, or concerns across any of our services, please contact: hello@brianfending.com
Information We Collect
Portfolio Website (brianfending.com)
Information You Provide:
- Name (required)
- Email address (required)
- Company name (optional)
- Subject category (required)
- Message content (required)
- Additional subject details (when "Other" is selected)
Automatically Collected:
- Technical data: IP address, browser type, operating system, referring website
- Usage data: Pages visited, time spent on site, click patterns
- Device information: Screen resolution, device type, browser settings
- Analytics data: Google Analytics 4 (GA4) website usage metrics
AI Assistant Service (ai.brianfending.com)
Information You Provide:
- Email address (required for session access)
- Chat messages (all questions and interactions during sessions)
- Feedback (ratings or comments about service quality)
Automatically Collected:
- Session data: Session duration, timestamps, activity logs, queue position
- Technical information: IP address, browser type, device information, access times
- Usage analytics: Interaction patterns, response times, feature usage
- Conversation metadata: Message counts, session patterns, response quality metrics
All Services - Common Data Collection
Cookies and Tracking Technologies:
- Essential cookies: Basic site functionality across all services
- Preference cookies: User settings (dark mode, language preferences)
- Analytics cookies: Google Analytics 4 for usage analysis
- Session cookies: Maintaining login states and service access
How We Use Your Information
Portfolio Website
- Communication: Responding to inquiries and business requests
- Professional networking: Following up on opportunities and collaborations
- Site improvement: Understanding visitor behavior and optimizing user experience
- Analytics: Measuring site performance and popular content
AI Assistant Service
- Service delivery: Providing AI-powered responses about Brian Fending's professional background
- Session management: Operating waiting room system and managing 60-minute session limits
- Access control: Sending session notifications and queue status updates
- Service improvement: Analyzing conversation patterns to enhance AI response quality
- Performance optimization: Monitoring system performance and response times
- Feature development: Creating better user experience and new capabilities
Legal Basis for Processing (GDPR)
Across All Services:
- Legitimate interest: Site analytics, service improvement, security monitoring
- Consent: Contact form submissions, optional communications, AI service usage
- Contract performance: Delivering requested services and responding to inquiries
- Legal obligations: Compliance with applicable laws and regulations
Ownership and Rights to Submitted Content
Portfolio Website
- Your content remains yours: Contact form submissions retain your ownership
- Limited use rights: We may use inquiries to improve our services
- No commercial exploitation: Contact messages are not used for training or commercial purposes
AI Assistant Service
Important Notice: By using ai.brianfending.com, you acknowledge and agree that:
- Content ownership transfer: All messages, questions, and content you submit become the property of Brian Fending
- Unlimited usage rights: You grant Brian Fending unlimited, perpetual, worldwide rights to use, modify, reproduce, and distribute your submitted content
- Commercial applications: Your submitted content may be used to improve AI models, create training data, or for any other business purpose
- Waiver of attribution: You waive any moral rights or attribution claims to submitted content
AI-Generated Responses:
- All AI-generated responses are the exclusive property of Brian Fending
- Users receive no ownership rights in AI-generated content
- AI responses may be reused, republished, or incorporated into other materials
Conversation Data:
- Complete conversation logs belong to Brian Fending
- May be analyzed, shared with third parties, or used for commercial purposes
- Anonymized conversation data may be published or used in research
Data Storage and Processing
Storage Infrastructure
- Contact form data: Google Forms/Google Workspace (US-based)
- Website hosting: Vercel (US-based, global CDN)
- AI service hosting: Railway, Fly.io, or similar cloud providers (US-based)
- Database services: Supabase or equivalent (US-based)
- Email services: AWS SES, Postmark, or similar providers
Data Retention Schedules
| Data Type | Service | Retention Period | Purpose |
|---|---|---|---|
| Contact form submissions | Portfolio | 3 years | Business communication |
| Email correspondence | All services | 7 years | Legal and business requirements |
| AI conversations | AI Assistant | Indefinite | Service improvement, training |
| AI session logs | AI Assistant | 7 years | Operational analysis |
| GA4 analytics data | All services | 14-50 months | Performance analysis |
| Technical logs | All services | 30 days | Security and troubleshooting |
| User email addresses | AI Assistant | Until removal requested | Access management |
Security Measures
We implement comprehensive security measures across all services:
- Encryption: HTTPS/TLS for all data transmission
- Access controls: Role-based authentication and authorization
- Infrastructure security: Enterprise-grade hosting with SOC 2 compliance
- Monitoring: Continuous security assessment and incident response
- Data minimization: Collecting only necessary information
- Regular audits: Periodic security and privacy assessments
International Data Transfers
Your information may be transferred to and processed in countries outside your residence, including:
- United States: Primary hosting and operations for all services
- Global CDN locations: For performance optimization
- Service provider locations: Where our vendors operate
Data Transfer Safeguards
We ensure appropriate protection for all international transfers through:
For EU/UK Data Subjects:
- Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs with all data processors
- UK Transfer Risk Assessments: Conducted for all UK data transfers under UK GDPR
- Supplementary measures: Additional technical and organizational safeguards where required
- Adequacy decisions: We rely on adequacy decisions where available (currently none for US transfers)
For Other Jurisdictions:
- Contractual protections: Data processing agreements with equivalent protections
- Cross-border privacy rules: Compliance with APEC frameworks where applicable
- Local law assessments: Evaluation of data protection laws in destination countries
US Government Access Limitations:
We implement technical measures to limit exposure to potential government surveillance:
- Data encryption in transit and at rest
- Access logging and monitoring
- Data minimization practices
- Regular security assessments
Transfer Impact Assessments:
We conduct regular assessments of:
- Legal frameworks in destination countries
- Technical safeguards effectiveness
- Alternative processing locations
- Data subject rights enforcement mechanisms
Data Sharing and Disclosure
Service Providers
We share information with trusted third parties who assist in operating our services:
Common to All Services:
- Hosting providers (Vercel, Railway, Fly.io)
- Email services (AWS SES, Postmark)
- Analytics services (Google Analytics 4)
- Security and monitoring services
AI Assistant Service Specific:
- Database providers (Supabase)
- AI model providers (may change at any time, including but not limited to models from Anthropic, OpenAI, Google, and other hosted or open source providers)
- Queue management services
Business Purposes (AI Assistant Service)
Your information and submitted content may be shared for:
- Creating case studies of AI assistant capabilities
- Training improved AI models
- Marketing and promotional materials
- Research and development purposes
- Business partnerships and collaborations
Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process, subpoenas, or court orders
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Enforce our Terms of Service
Your Rights Under Data Privacy Laws
Universal Rights (All Users)
Regardless of location, you have the right to:
- Know what personal information we collect and how it's used
- Request access to your personal information
- Request correction of inaccurate information
- Request deletion of your information (subject to limitations below)
- Withdraw consent for optional communications
GDPR Rights (EU/UK Residents)
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Delete personal data under certain circumstances
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in portable format
- Right to object: Object to processing based on legitimate interests
- Rights regarding automated decision-making: We don't use automated decision-making
CCPA Rights (California Residents)
- Right to know: Categories and specific pieces of personal information collected
- Right to delete: Request deletion of personal information
- Right to opt-out: Opt-out of sale of personal information (we don't sell data)
- Right to non-discrimination: Equal service regardless of privacy choices
Important Limitations on Rights
AI Assistant Service Limitations:
- Submitted conversations: Cannot be deleted after processing due to integration into AI training systems
- Business operations: Some data retained based on legitimate business interests
- Technical constraints: Inability to extract data from trained AI models
- Trade secrets: Protection of proprietary AI training methodologies
Legal Basis for Limitations:
- Legitimate business interests in AI model improvement
- Technical impossibility of extraction from trained systems
- Protection of intellectual property
- Compliance with other legal obligations
Third-Party Services
Google Services
- Google Forms: Contact form submissions
- Google Workspace: Email processing
- Google Analytics 4: Website traffic analysis and user behavior insights
Privacy policies:
- Google Privacy Policy: https://policies.google.com/privacy
- Google Analytics Data Processing: https://support.google.com/analytics/answer/6004245
Vercel (Website Hosting)
- Hosting and deployment: All static websites
- Content delivery network: Global performance optimization
- Basic analytics: Performance metrics
Privacy policy: https://vercel.com/legal/privacy-policy
Other Service Providers
Additional services may be integrated for AI assistant functionality:
- Cloud hosting providers (Railway, Fly.io)
- Database services (Supabase)
- Email delivery services
- AI model providers
We maintain data processing agreements with all third-party processors.
How to Exercise Your Rights
Data Subject Access Requests (DSAR)
Submit all requests to: hello@brianfending.com
Required Information:
- Your full name and email address
- Specific service(s) you've used
- Specific right you wish to exercise
- Relevant details to help locate your information
- Proof of identity for security purposes
Request Processing
Timeline:
- Acknowledgment: Within 5 business days
- Standard requests: Within 30 days (GDPR) or as required by law
- Complex requests: Up to 60 days with notification
- AI service requests: May require additional time due to technical complexity
Verification:
We may request additional information to verify identity before processing requests, including:
- Confirmation of email address used with our services
- Approximate dates of service usage
- Sample interactions (for AI assistant requests)
Disclaimers and Limitations
AI-Generated Content (ai.brianfending.com)
Service Nature and Limitations:
- Experimental technology: This AI assistant service uses experimental artificial intelligence technology that may produce unpredictable results
- AI hallucination risk: The AI may generate responses that appear factual but contain inaccurate, incomplete, or entirely fabricated information
- Not professional advice: AI responses should not be considered professional, legal, financial, career, or personal advice of any kind
- Human judgment required: All AI-generated content requires human verification and should not be relied upon for important decisions
- Training data limitations: AI responses are based on training data that may be outdated, biased, or incomplete
Accuracy and Reliability Disclaimers:
- No warranty of accuracy: We make no representations about the accuracy, completeness, or reliability of AI-generated responses
- Factual errors expected: AI responses may contain factual errors, outdated information, or logical inconsistencies
- Context limitations: The AI may misunderstand context, nuance, or specific circumstances relevant to your inquiry
- Bias and perspective: AI responses may reflect biases present in training data or model architecture
- User responsibility: Users must independently verify all information obtained through the service
Professional and Legal Disclaimers:
- No attorney-client relationship: Use of the AI service does not create any professional advisory relationship
- No substitute for professional consultation: Users should consult qualified professionals for advice relevant to their specific circumstances
- Liability limitation: Brian Fending disclaims liability for any decisions, actions, or outcomes based on AI-generated responses
- Information only: All responses are provided for informational purposes only
Technical Limitations:
- Model constraints: AI responses are limited by model capabilities, training data cutoffs, and processing constraints
- Inconsistent responses: The same question may generate different responses at different times
- Language processing errors: The AI may misinterpret questions, especially those with ambiguous phrasing
- Knowledge boundaries: The AI cannot access real-time information or personal data beyond its training
Service Availability
- Services provided "as is" without warranties
- No guarantee of continuous availability or reliability
- Features may change, be suspended, or discontinued
- Performance estimates are not guarantees
Limitation of Liability
- Liability limited to maximum extent permitted by law
- Not liable for indirect, incidental, or consequential damages
- Total liability for any claims will not exceed $100
- Some jurisdictions may not allow these limitations
Children's Privacy
Our services are not intended for users under 16 (or under 13 in the US). We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will delete it promptly.
Changes to This Policy
We may update this privacy policy to reflect:
- Changes in our practices across any service
- Changes in applicable law
- New features or services on any domain
Notification of Changes
- Material changes: Prominent notice on affected websites
- Service-specific changes: Notification on relevant service
- Rights-affecting changes: Direct notification where possible
- Minor updates: Updated effective date
Complaints and Regulatory Contact
Filing Complaints
If we haven't adequately addressed your privacy concerns, you may file complaints with:
EU/UK Residents:
- Your local data protection authority
- UK: Information Commissioner's Office (ICO)
- EU: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
California Residents:
- California Attorney General's Office
- Email: privacy@oag.ca.gov
Other Jurisdictions:
- Canada: Privacy Commissioner of Canada
- Australia: Office of the Australian Information Commissioner
- Contact your local privacy regulator
International Framework Compliance
This privacy policy complies with:
- GDPR (General Data Protection Regulation) - EU/UK
- CCPA (California Consumer Privacy Act) - California, US
- PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
- Privacy Act 1988 - Australia
- LGPD (Lei Geral de Proteção de Dados) - Brazil
- Other applicable privacy laws
Emergency Privacy Contacts
For urgent privacy concerns or suspected data breaches:
- Email: hello@brianfending.com
- Subject Line: "URGENT - Privacy Incident"
- Include your contact information for immediate response
Contact for Privacy Matters
For all privacy-related questions, requests, or concerns across any service:
Email: hello@brianfending.com
Subject Line: Privacy Inquiry - [Service] - [Type of Request]
Examples:
- "Privacy Inquiry - AI Assistant - Data Deletion Request"
- "Privacy Inquiry - Portfolio - Access Request"
- "Privacy Inquiry - General - Question about Policy"
We are committed to protecting your privacy across all our digital properties and will respond to all inquiries promptly and professionally.
This privacy policy covers all services operated under brianfending.com and its subdomains. It was last updated on July 27, 2025 and is effective as of May 15, 2025.