ADHD·AUDHD.fr
FR

Privacy

Privacy policy

What's collected, why, for how long, and how to exercise your rights.

1. Data controller

Nissiel Thomas — contact: nissieltb@gmail.com.

2. Data collected and purposes

Browsing the site

  • No third-party cookies. No Google Analytics, no Meta pixel.
  • Plausible Analytics (EU cloud): anonymous aggregated stats without cookies or persistent identifiers. Plausible details.
  • Preferences (theme, dyslexia mode, focus mode) are stored in localStorage on your device — never sent to our servers.

Newsletter

  • Email only. Sole use: monthly newsletter.
  • One-click unsubscribe in every email. Full deletion on unsubscribe.
  • Hosted via Buttondown (EU-compliant). No third-party sharing.

Community account

  • Email (magic link), pseudonym, optional bio, optional avatar.
  • Posted content (posts, comments, reactions, flags).
  • Hosted on Supabase, EU region (Frankfurt).
  • DPA (Data Processing Agreement) with Supabase available on request.

Moderation

  • Posts and comments are analysed by AI (Claude, OpenAI Moderation) for toxicity, crisis content, and medical misinformation. Analysis scores are stored for moderation purposes.
  • No user content is sent to AI providers for model training (opt-out confirmed in API terms).

3. Retention

  • Plausible anonymised access logs: 6 months.
  • Newsletter email: until unsubscribe.
  • Community account: until user deletion.
  • Posted content: until deletion or erasure request.
  • Flags: 2 years after closure.

4. Your GDPR rights

  • Access: obtain a copy of all your data.
  • Rectification: correct erroneous data.
  • Erasure: delete your account and content.
  • Portability: export your data as JSON.
  • Objection: refuse a processing activity.
  • Restriction: suspend a processing activity.

To exercise a right: nissieltb@gmail.com. Reply within 30 days (regulatory).

If you disagree with our response, you can file a complaint with the CNIL (French data-protection authority) or your local supervisory authority.

5. Sub-processors

  • Vercel (site hosting, US/EU). DPA signed.
  • Supabase (database, EU-Frankfurt). DPA signed.
  • Plausible (analytics, EU). DPA signed.
  • Buttondown (newsletter, US with SCC). DPA signed.
  • Anthropic / OpenAI (AI moderation, US with SCC). GDPR compliance via Standard Contractual Clauses.

6. Security

  • TLS 1.3 encryption in transit.
  • At-rest encryption on Supabase.
  • Magic link with 1-hour expiry, single use.
  • No passwords stored.

7. Minors

The community is open from age 16. Users aged 16–18 must have parental consent if their country's law requires it.

8. Changes

If this policy changes substantially, we notify you via newsletter (if subscribed) or a site-wide notice.

Last updated: 20 April 2026.