Last updated: March 25, 2026
The data controller responsible for your personal data is:
When you create an account on AI-Directory, we collect the information you provide through our authentication provider (WorkOS), including your name, email address, profile image, and any optional profile information you choose to add (headline, bio, website, social links).
We also collect information about your activity on the platform, including posts, comments, votes, follows, and content engagement. When you visit AI-Directory, our servers may automatically log your IP address, browser type, operating system, referring URLs, and pages visited.
We receive authentication data from WorkOS when you sign in using a third-party provider (e.g., Google, GitHub). We do not purchase data from data brokers or other third-party sources.
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and operation | Contract performance (Art. 6(1)(b)) |
| Displaying your public profile | Contract performance (Art. 6(1)(b)) |
| Social features (following, posting, commenting) | Contract performance (Art. 6(1)(b)) |
| Transactional email notifications (followers, replies, following posts) | Legitimate interest (Art. 6(1)(f)) |
| Optional emails (blog, digest) | Consent (Art. 6(1)(a)) |
| Analytics (PostHog, with consent) | Consent (Art. 6(1)(a)) |
| Error monitoring (Sentry) | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
Under GDPR Article 21, you have the right to object to processing based on legitimate interest. You can exercise this right by disabling notifications in your settings or by contacting us.
When you create an account, certain email notifications are enabled by default as part of the core service. These are transactional notifications triggered by other users' interactions with your account:
These notifications are considered service messages under applicable email regulations (CAN-SPAM, GDPR, CASL) because they directly relate to your activity and relationships on the platform.
Optional notification types (blog announcements, weekly digest) are disabled by default and require your explicit opt-in.
You can disable any or all notifications at any time from your notification settings. Every notification email also includes a direct link to manage your preferences.
We do not sell your personal data. We share data only with service providers necessary to operate the platform:
Each provider processes data only on our behalf and under contractual obligations to protect your data. We do not share your data for advertising or cross-context behavioral targeting.
Some of our service providers process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place:
You may request a copy of the safeguards in place by contacting us at the address in Section 14.
We use cookies for authentication, storing your preferences, and (with your consent) analytics. We obtain your explicit consent before setting any non-essential cookies, in compliance with GDPR and the ePrivacy Directive.
For logged-in users, we store a server-side record of your cookie consent decision, including timestamp, IP address, and browser user-agent, as required by GDPR Article 7(1) to demonstrate that consent was given.
You can manage your cookie preferences at any time via the "Manage cookies" link in the footer or by visiting our Cookie Policy.
We retain your data for as long as necessary to fulfil the purposes outlined in this policy:
If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
If you are located in the EEA or UK, you have the following rights under GDPR:
To exercise any of these rights, contact us at the address in Section 14. We will respond within 30 days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email), internet activity (browsing, usage data), and professional information (profile data). We have not sold any personal information. We have disclosed personal information to our service providers listed in Section 5 for business purposes.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.
The relevant supervisory authority is the Agencia Española de Protección de Datos (AEPD) — www.aepd.es.
We encourage you to contact us first so we can try to resolve your concern.
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you.
AI-Directory is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
For privacy-related inquiries, you can reach us at:
We may update this privacy policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.