Privacy Policy kaan.life
Version 1.0, effective date: [INVULLEN: publication date]
1. Who we are and what this policy covers
This privacy policy covers all online services of kaan.life and its subdomains:
- the kaan.life website, which includes a feedback feature with an AI chat assistant;
- the powerlifting records site (powerlifting.kaan.life), which shows competition results and records;
- the AI chat service advchat (advchat.kaan.life and www.kaan.life), where you can chat and share documents;
- the sign-in service (sso.kaan.life), which lets you log in to our services with one account.
Data controller:
- Name: [INVULLEN]
- Registered address: [INVULLEN]
- Contact: [INVULLEN, e.g. privacy@kaan.life]
- Dutch Chamber of Commerce number: [INVULLEN or "n/a"]
2. What personal data we process
Feedback feature (kaan.life). Your chat messages, a technical session code, the page changes you suggest and, only if you choose to enter it, your email address.
Powerlifting records site. Data about competition athletes from public sources: name, sex, year of birth, country, weight class, body weight, competition results and, for registrations, club name. Chapter 4 explains where this data comes from. Visitors of this site do not enter any data; we collect nothing from visitors.
Advchat. Your account details (username and email address), your chat conversations and the documents you upload [ASSUMPTION - VERIFY: exactly what advchat stores]. If you use the service through WhatsApp: your phone number and your messages [ASSUMPTION - VERIFY: whether the WhatsApp channel is active]. The service can exchange data with a connected AFAS environment [ASSUMPTION - VERIFY: which data].
Account (sso.kaan.life). Your username, email address and an encrypted version of your password.
All services. Your IP address, briefly and only to prevent abuse (see chapter 8). We do not store IP addresses in a database.
3. Purposes and legal bases
| Processing | Purpose | Legal basis (GDPR) |
|---|---|---|
| Feedback and chat messages | Receiving and following up on your feedback | Consent (art. 6(1)(a)) |
| Optional email address with feedback | Contacting you about your feedback | Consent (art. 6(1)(a)) |
| Showing sports statistics | Making the public Dutch powerlifting record accessible | Legitimate interest (art. 6(1)(f)) |
| Account and sign-in | Providing the services you have an account for | Performance of a contract (art. 6(1)(b)) |
| AI chat (advchat) | Answering your questions, processing documents | Performance of a contract (art. 6(1)(b)) [ASSUMPTION - VERIFY] |
| Brief IP processing | Security and abuse prevention | Legitimate interest (art. 6(1)(f)) |
Our legitimate interest in the sports statistics is making the public competition record of the powerlifting sport accessible. You can object to this; see chapter 9.
4. Data from public sources (powerlifting)
The athlete data on the powerlifting records site does not come from the athletes themselves. It comes from three public sources:
- the international OpenPowerlifting dataset (data.openpowerlifting.org), a public archive of competition results;
- the live results service of the KNKF powerlifting section during competitions;
- the public competition calendar of the KNKF powerlifting section, including registration lists.
We do not inform athletes individually; with thousands of athletes from a public archive, that would take a disproportionate effort (art. 14(5)(b) GDPR). This policy serves as general information. If you do not want to appear on the site, object through our contact address (chapter 9). For removal from the source itself, OpenPowerlifting runs its own redaction process; we will point you there on request.
5. Who we share data with
We do not sell data. We share data only with parties we need to run the services:
| Party | For what | Which data |
|---|---|---|
| Hetzner Online GmbH (Germany) | Hosting of all services | All stored data |
| Anthropic | AI answers in the feedback chat and advchat | Chat messages and page context |
| OpenAI | AI answers in advchat | Chat messages [ASSUMPTION - VERIFY] |
| Microsoft (Azure) | AI answers and document processing in advchat | Chat messages and uploaded documents [ASSUMPTION - VERIFY] |
| Meta (WhatsApp Business) | WhatsApp channel of advchat | Phone number and messages [ASSUMPTION - VERIFY] |
| AFAS | Connection between advchat and an AFAS environment | [ASSUMPTION - VERIFY] |
| Google (Fonts) | Fonts on kaan.life | Your IP address when the page loads [ASSUMPTION - VERIFY: drops out if fonts are self-hosted before publication] |
The public sources in chapter 4 supply data to us; they do not receive data from us.
6. Transfers outside the European Economic Area
Our servers are in the European Union (Germany). Some suppliers process data in the United States as well:
- Anthropic and OpenAI: transfers based on the European Commission's Standard Contractual Clauses (art. 46 GDPR).
- Microsoft: certified under the EU-US Data Privacy Framework; Microsoft also processes data within the European Union where possible (EU Data Boundary) [ASSUMPTION - VERIFY: whether the Azure services used run in an EU region].
- Meta and Google: transfers based on the EU-US Data Privacy Framework [ASSUMPTION - VERIFY certification status].
7. How long we keep data
| Data | Retention period |
|---|---|
| Feedback (chat, suggestions, email address) | At most 12 months after receipt |
| Account details | As long as your account exists; deleted within 1 month after cancellation |
| Chat conversations and documents in advchat | [ASSUMPTION - VERIFY: we still need to set this period] |
| Sports statistics (records, results) | Indefinitely, as a historical sports archive; you can object (chapter 9) |
| IP addresses for security | A few minutes, in memory only |
| Technical log files | At most 30 days [ASSUMPTION - VERIFY log retention] |
8. How we protect your data
- We encrypt all connections (HTTPS).
- We store all data on servers within the European Union.
- We restrict access to admin functions and protect it with keys.
- We store passwords in encrypted form only.
- We automatically redact email addresses in log files.
- Request limits protect the services against abuse.
9. Your rights
You have the right to access, rectify and erase your data, to restrict processing, to data portability, and to object to processing based on our legitimate interest. The right to object applies in particular to the sports statistics: if you object, we assess whether we shield or remove your data, and we point you to the redaction process at the source.
Send your request to [INVULLEN, e.g. privacy@kaan.life]. We respond within one month. We may ask you to prove your identity before we carry out your request.
10. Withdrawing consent
If you gave consent, for example by entering your email address with feedback, you can withdraw it at any time through our contact address. Withdrawal does not affect processing that took place before you withdrew.
11. Automated decision-making
We make no decisions about you that rest solely on automated processing and have legal effects for you. The AI features give answers and suggestions; they make no decisions about you.
12. Cookies and local storage
We use no tracking cookies, no analytics cookies and no advertising cookies. That is why we show no cookie banner. We do use functional storage that the services need to work:
- a sign-in cookie from sso.kaan.life once you log in;
- temporary browser storage (sessionStorage) for the feedback chat on kaan.life, cleared when you close your browser tab;
- a security cookie for the site administrator (not for visitors).
13. Filing a complaint
You have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). We appreciate it if you contact us first, so we can try to resolve your complaint ourselves.
14. Changes to this policy
We may change this policy, for example when the services change. The current version is always available at privacy.kaan.life, with a version number and effective date. For major changes we inform account holders where reasonably possible.
15. Contact
Questions about this policy or about your data? Contact us at [INVULLEN, e.g. privacy@kaan.life].