Privacy Policy
Last updated: March 23, 2026
The short version
Zero cookies. Zero trackers. Zero profiling. We collect your data only if you actively send us a message. Our server logs basic visit data for 1 year. Data is primarily processed in the EU. You have full GDPR rights. That's it.
Behavioral design note
We structured this page using layered disclosure — a plain-language summary above, with expandable legal detail below. This reduces cognitive load while preserving regulatory precision. It's the same choice architecture principle we apply to enterprise systems.
Learn about our approach.
Privacy nutrition label
- Cookies: None
- Analytics trackers: None
- Third-party scripts: None
- Fingerprinting: None
- Data sold to third parties: Never
- Server log retention: 1 year
- Data residency: Primarily EU (Ireland, eu-west-1)
- AI used in client deliverables: Disclosed per engagement
- Client data used for AI training: Never by Datopi
01
Data Controller
Datopi SRL
BE 0745.585.352
Belgium
For any privacy-related request, contact us via the contact form.
02
What we collect
Contact form submissions
When you voluntarily submit our contact form, we collect: your name, email address, company name (optional), and your message.
This data is sent via AWS API Gateway and Lambda to our business email (Microsoft 365). It is not stored in any database. We read your message and reply manually. No automated processing or decision-making occurs.
Lawful basis: Legitimate interest (Article 6(1)(f) GDPR) — you actively request that we contact you.
Server access logs
AWS CloudFront automatically logs: IP address, timestamp, page visited, browser type, and referrer URL. These logs are used for security, operational, and analytical purposes.
Logs are stored in AWS S3 (eu-west-1, Ireland) and automatically deleted after 1 year via lifecycle policy.
Lawful basis: Legitimate interest (Article 6(1)(f) GDPR) — security monitoring and site operation.
Design choice
We used expandable sections so you only read what's relevant to you. This is related-interleaving — a technique from Cognitive Load Theory that groups complex information into digestible chunks, reducing extraneous cognitive load while preserving the information you need.
03
What we don't collect
- No cookies of any kind
- No analytics trackers (no Google Analytics, no Meta Pixel, no Plausible)
- No fingerprinting or device profiling
- No automated decision-making or behavioral profiling
- No data sharing, selling, or transfers to third parties for marketing
- No cross-site tracking
04
Sub-processors
We use a minimal set of data processors, all operating under GDPR-compliant data processing agreements:
| Processor | Purpose | Data location |
| --- | --- | --- |
| Amazon Web Services (AWS) | Website hosting, CDN, contact form backend, access logs | EU (eu-west-1, Ireland) |
| Microsoft 365 | Business email (receives contact form submissions) | EU |
05
Data residency & AI isolation
Data is primarily processed within the European Union (AWS eu-west-1, Ireland). Where EU-based processing is not possible, appropriate safeguards (standard contractual clauses) are in place.
AI isolation: Client data from consulting engagements is never used by Datopi or at Datopi's instruction to train AI models or shared across client boundaries. Data is retained only as long as necessary for the engagement and applicable legal obligations. All deliverables are owned by the client.
06
Data retention
- Contact form data: Retained in our business email system for the duration of any business relationship and up to 10 years after last contact, in accordance with Belgian commercial record-keeping obligations (Code de droit économique).
- Server access logs: Automatically deleted after 1 year via S3 lifecycle policy.
- Client engagement data: Governed by individual engagement contracts, which define the retention period.
07
AI transparency (EU AI Act)
In accordance with EU AI Act Article 50 transparency requirements (enforceable August 2026), Datopi discloses:
- Website development: This website was built with assistance from AI tools (Claude Code by Anthropic). All code was reviewed and approved by a human.
- Client deliverables: When AI tools are used in the production of client deliverables (reports, code, architectures, analyses), this is disclosed to the client in the engagement agreement and in the deliverable itself.
- No AI interaction on this site: There are no chatbots, automated assistants, or AI-powered interfaces on datopi.com. The contact form is read and answered by a human.
Transparent nudging
Research shows that transparently disclosing the use of behavioral techniques — like we're doing throughout this page — does not reduce their effectiveness. In fact, transparent nudges increase trust, perceived agency, and self-reported satisfaction. This is why we annotate our design choices rather than hiding them. (Ref: Bruns et al., 2018; Loewenstein et al., 2015)
08
Your rights under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured, machine-readable format
To exercise any of these rights, contact us via the contact form. We will respond without undue delay.
09
Supervisory authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Autorité de protection des données (APD)
Gegevensbeschermingsautoriteit (GBA)
Rue de la Presse 35 / Drukpersstraat 35
1000 Brussels, Belgium
www.autoriteprotectiondonnees.be
10
Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. The "last updated" date at the top will be revised accordingly.