Privacy & GDPR

Last updated: 26 March 2026. This notice describes how the IZNIR application processes personal data when you or your organization self-hosts or operates an instance. Adjust this text to match your legal entity and hosting arrangement.

Summary

  • We process account data (name, email, workspace membership) to provide the service.
  • Skills and audit logs may contain operational metadata; classify them according to your policies.
  • In-app tools support data export, deletion requests, and consent records where enabled.
  • Contact the operator of your IZNIR deployment for questions or to exercise GDPR rights.

1. Data controller

The data controller is the organization that deploys IZNIR (for example your company). If you use a hosted demo, the provider named in your agreement is the controller. This document is a template: insert legal name, address, and DPO contact.

2. Categories of data

  • Identity and account: name, email, password hash, role, workspace association.
  • Usage and content: skills, guardrails, test runs, marketplace listings, messages you submit via contact forms.
  • Technical: hashed IP for abuse prevention on public endpoints, server logs as configured by your infrastructure.

3. Purposes and legal bases

Processing is performed to perform the contract (Art. 6(1)(b) GDPR) with workspace users, and for legitimate interests (Art. 6(1)(f)) such as security, abuse prevention, and product improvement, balanced against user rights. Where required, consent (Art. 6(1)(a)) is captured for optional processing and can be withdrawn in-app where implemented.

4. Retention

Retention depends on your configuration. Typically: account data while the account is active; audit logs according to your compliance schedule; deleted accounts anonymized or removed per your data deletion workflow.

5. Your rights (GDPR)

You may have the right to access, rectification, erasure, restriction, portability, and objection, and to lodge a complaint with a supervisory authority. Use in-app privacy settings where available, or contact your controller.

6. Transfers

If personal data is processed outside the EEA, ensure appropriate safeguards (for example Standard Contractual Clauses) as required by Chapter V GDPR.

7. Contact

For privacy requests related to this deployment, use the contact form and choose the subject Privacy, or email the address published by your operator.