Privacy Policy

1. Data Controller

SurveyingPedia ("we", "us") is the data controller for all personal data processed through surveyingpedia.com. You can reach us at contact@surveyingpedia.com for any privacy-related matter, including to exercise your rights under the GDPR.

2. Scope of this Policy

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have. It applies to the website surveyingpedia.com and all subdomains.

3. Data we collect

• Account data (if you register): username, email, password hash, preferred language and country, role. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
• Content you publish: forum posts, comments, chat messages, feedback, uploaded files. Legal basis: performance of a contract.
• Technical data (every visit): IP address (temporarily, in server logs only), User-Agent, requested URL, HTTP status, timestamp. Logs are kept for 14 days and then automatically deleted. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — security and diagnostics.
• Pseudonymous analytics (our first-party pixel /api/pv): we store a daily truncated hash of IP+User-Agent ("visitorHash"), the page path, locale, referring domain (NOT full URL), hour of day, country (from network-level geolocation). The hash changes every midnight UTC, which makes it technically impossible to track a visitor across days. No cookies, no stored IP, no fingerprint. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — anonymous aggregate measurement (CNIL allows this without consent — see CNIL guidance on "exempted analytics").
• Google Analytics 4 (aggregate-only, server-side): in addition to the optional browser-side GA4 (activated only with your cookie consent — Measurement ID G-2Y848WNYGV), we forward pseudonymous page_view events to GA4 from OUR SERVER for every visit. These server-side events use the same daily-rotating visitorHash as our first-party pixel (cannot be linked across days), carry no user_id, no user_properties, no cookies, IP is anonymized (aip=1), and only the page path + referring domain + locale + country are transmitted. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — this is technically equivalent to cookie-less analytics tools (Plausible, Umami, Matomo) which CNIL considers exempted from consent. You can object to this server-side forwarding at any time by emailing contact@surveyingpedia.com; the consent-based browser-side GA4 can additionally be revoked via the cookie banner.

4. Why we process your data

• To provide the service: render pages, authenticate sessions, store your forum posts, deliver chat messages.
• To operate and secure the platform: detect abuse, mitigate brute-force logins, prevent spam.
• To improve the platform: aggregate analytics to understand which articles are useful, which languages are served, which features are used. We never profile individual users.
• To communicate with you: respond to your feedback, notify you about account-related events you explicitly opted into.

5. Who processes your data (sub-processors)

• Hostinger International Ltd (Cyprus/Lithuania, EU) — VPS hosting. Data stays in EU data centers.
• Google LLC (USA) — Google Analytics 4, only if you grant consent. Data is transferred to the USA under the EU-US Data Privacy Framework.
• Anthropic PBC (USA) — Claude API, used solely to generate editorial content (articles, station descriptions). NO user personal data is ever sent to Anthropic. Prompts contain only public technical information about surveying tools.
• We never sell your data. We never share it with third parties beyond the sub-processors listed above.

6. International transfers

When data is transferred outside the European Economic Area (EEA) — specifically to Google and Anthropic in the USA — we rely on the EU-US Data Privacy Framework (for Google) and Standard Contractual Clauses (for Anthropic). You can contact us to receive a copy of these safeguards.

7. Data retention

• Server logs: 14 days, then automatically deleted by logrotate.
• Analytics pixel data (PageView table): 90 days aggregated, then daily totals only.
• Account data: until you delete your account. After deletion, your content is anonymized (posts are kept with author shown as "Deleted user") and your email is purged within 30 days.
• Inactive accounts: accounts with no login for 24 months are flagged for deletion; you will be notified by email 30 days in advance.
• Google Analytics data: retained for 14 months (the shortest option GA4 offers) before being auto-deleted by Google.

8. Your rights under the GDPR

You have the following rights, which you can exercise at any time by emailing contact@surveyingpedia.com (we will reply within 30 days, usually within 48 hours):

• Right of access (Art. 15) — request a copy of all your personal data.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your account and data.
• Right to restriction of processing (Art. 18) — freeze processing pending dispute.
• Right to data portability (Art. 20) — receive your data in a machine-readable format (JSON).
• Right to object (Art. 21) — object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3)) — revoke analytics / marketing consent at any time via the cookie banner.
• Right to lodge a complaint (Art. 77) — you can complain to your national supervisory authority (in Italy: Garante per la protezione dei dati personali, www.garanteprivacy.it).

9. Automated decision-making

We do NOT make any automated decisions that produce legal or similarly significant effects on you. Content ranking, search results, and article recommendations are based on simple algorithmic rules that do not profile individual users.

10. Children

SurveyingPedia is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Security

Passwords are hashed with bcrypt (12 rounds). Connections are served over HTTPS with automatic certificate renewal. Accounts are automatically locked for 15 minutes after 5 failed login attempts. Server-side audit logs track administrative actions. We store no payment data.

12. Changes to this policy

We may update this policy to reflect changes in our services or legal obligations. Material changes will be announced via a banner on the home page at least 15 days before they take effect, and logged-in users will receive an email notification.