Legal

Privacy Policy

How we collect, use, and protect your personal data. Fully compliant with GDPR and PIPL.

Effective Date: Last Updated:
GDPR Compliant (EU)PIPL 个人信息保护法 Compliant (China / 中国)CCPA Compliant (California)

1. Privacy Overview

Simon Wilby ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit SimonWilby.io and related services.

This policy complies with: General Data Protection Regulation (GDPR) - European Union Personal Information Protection Law (PIPL) 个人信息保护法 - People's Republic of China 中华人民共和国 California Consumer Privacy Act (CCPA) - California, USA Nevada Privacy Law - Nevada, USA

Data Controller: Simon Wilby / Wilby AI Labs Contact: privacy@wilby.ai Data Protection Officer (DPO): dpo@wilby.ai

2. Data We Collect

Information You Provide: Contact information (name, email) when you reach out via contact forms Communication records when you correspond with us Professional information if you apply for positions

Automatically Collected Data: Device information (browser type, operating system) IP address (anonymized for EU/China users) Usage data (pages visited, time spent, referral source) Cookies and similar tracking technologies (see Cookie Policy)

We DO NOT Collect: Sensitive personal data (health, religion, political views) Financial information (we do not process payments on this site) Location data beyond country-level (derived from IP) Social media data unless you explicitly connect accounts

4. Your Rights Under GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

Right of Access (Article 15): Request a copy of personal data we hold about you.

Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.

Right to Erasure / "Right to be Forgotten" (Article 17): Request deletion of your personal data in certain circumstances.

Right to Restriction (Article 18): Request limitation of processing in specific situations.

Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format.

Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.

Right Not to be Subject to Automated Decision-Making (Article 22): We do not make automated decisions that significantly affect you.

How to Exercise Your Rights: Email: gdpr@wilby.ai Response Time: Within 30 days (extendable by 60 days for complex requests) Verification: We may verify your identity before processing requests.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

5. Your Rights Under PIPL 个人信息保护法 (China Users / 中国用户)

If you are located in the People's Republic of China (中华人民共和国), the Personal Information Protection Law (PIPL / 个人信息保护法) grants you the following rights:

Right to Know and Decide (Article 44): Know how your personal information is processed Decide whether to consent to processing Restrict or refuse processing (except where required by law)

Right to Access and Copy (Article 45): Request access to and copies of your personal information.

Right to Correction and Supplementation (Article 46): Request correction of inaccurate information.

Right to Deletion (Article 47): Request deletion when: Processing purpose achieved or no longer necessary Service terminated Consent withdrawn Processing violates laws or agreement

Right to Explanation (Article 48): Request explanation of personal information processing rules.

Right to Portability (Article 45): Request transfer of personal data to another handler.

Cross-Border Data Transfer (Articles 38-43): We ensure adequate protection for any data transferred outside China through: Standard contractual clauses Security assessments where required Obtaining separate consent for cross-border transfers

How to Exercise Your Rights (如何行使您的权利): Email / 电子邮件: pipl@wilby.ai Response Time / 响应时间: Within 15 working days / 15个工作日内 Language / 语言: Requests may be submitted in Chinese or English / 请求可以用中文或英文提交

Sensitive Personal Information: We only process sensitive personal information with your explicit consent and for specific, clearly stated purposes.

6. Cookies & Tracking Technologies

What Are Cookies: Cookies are small text files stored on your device when you visit our Website.

Types of Cookies We Use:

Essential Cookies (Always Active): Session management Security features Accessibility preferences

Analytics Cookies (With Consent): Vercel Analytics (privacy-focused, no personal data) Usage patterns to improve our Website Performance monitoring

Preference Cookies (With Consent): Language preferences Display settings

We DO NOT Use: Third-party advertising cookies Social media tracking pixels Cross-site tracking

Managing Cookies: Browser settings: Most browsers allow cookie management Our cookie banner: Accept/reject non-essential cookies on first visit Opt-out links: Provided for specific analytics services

GDPR Cookie Compliance: Non-essential cookies require explicit consent before activation (opt-in).

PIPL Cookie Compliance: We provide clear notice and obtain consent for cookies that collect personal information.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Contact Inquiries: 2 years from last communication Analytics Data: 26 months (anonymized aggregates kept longer) Legal/Tax Records: As required by law (typically 7 years) Cookie Consent Records: 1 year from consent date

Deletion: Upon request or when retention period expires, data is: Securely deleted from active systems within 30 days Removed from backups within 90 days Anonymized if retained for statistical purposes

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures: TLS/SSL encryption for data in transit Encryption at rest for stored data Regular security assessments and updates Access controls and authentication Firewall and intrusion detection

Organizational Measures: Staff training on data protection Data processing agreements with vendors Incident response procedures Regular privacy impact assessments

Third-Party Processors: We use carefully selected service providers who comply with GDPR/PIPL: Vercel (hosting, analytics) - US, EU adequate safeguards Email service providers - data processing agreements in place

Data Breach Notification: In the event of a data breach affecting your rights: GDPR: Notification within 72 hours to supervisory authority PIPL: Immediate notification to relevant authorities and affected individuals You will be notified if the breach is likely to result in high risk to your rights

9. International Data Transfers

Our servers are located in the United States, with operations in the UK and processing potentially occurring in multiple jurisdictions.

For EU Users (GDPR Chapter V): Transfers outside the EEA are protected by: Standard Contractual Clauses (SCCs) approved by the European Commission Adequacy decisions where applicable Binding Corporate Rules for intra-group transfers

For China Users (PIPL Articles 38-43): Cross-border transfers comply with: Security assessments conducted by the Cyberspace Administration of China (CAC) where required Standard contracts filed with CAC Certifications from recognized institutions Separate, specific consent for cross-border transfers

Your Rights: You may request information about the safeguards in place for international transfers by contacting us.

10. Children's Privacy

Our Website is not intended for children under 16 years of age (or 14 in China under PIPL).

We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@wilby.ai, and we will promptly delete such information.

Parental Rights: Parents or guardians may contact us regarding any data we may have collected from minors.

11. Policy Updates

We may update this Privacy Policy periodically to reflect: Changes in our practices New legal requirements Technological developments

Notification of Changes: Material changes will be announced via prominent Website notice Email notification to registered users where appropriate Updated "Last Modified" date at the top of this policy

Your Continued Use: Continued use of our Website after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

General Privacy Inquiries: Email: privacy@wilby.ai

GDPR Requests (EU Users): Email: gdpr@wilby.ai Data Protection Officer: dpo@wilby.ai

PIPL Requests (China Users): Email: pipl@wilby.ai Language: Chinese and English accepted

US Headquarters: Simon Wilby / Wilby AI Labs Las Vegas, Nevada, USA

UK Office: London, United Kingdom

Response Times: General inquiries: 5 business days GDPR requests: 30 days (extendable to 90 days) PIPL requests: 15 working days

Complaints: If you are unsatisfied with our response, you may lodge a complaint with: EU: Your local supervisory authority China: Cyberspace Administration of China US: Federal Trade Commission

Related Legal Documents

Submit a Data Request

Exercise your rights under GDPR or PIPL by submitting a data access, correction, or deletion request.