1. Data Controller

The controller of your personal data is:

2. What Data We Collect

When you submit a comment on our website, we collect the following information:

• Name - Used to display your identity in the discussion
• Email address - Used for notifications and verification (not publicly displayed)
• Comment content - Your message in the discussion
• IP address - Automatically collected for security purposes
• Timestamp - Date and time when the comment was submitted
• Browser and device information - Technical data for security

3. Legal Basis for Processing

We process your personal data based on:

• Your consent (GDPR Art. 6(1)(a)) - You agree by checking the consent checkbox
• Legitimate interest (GDPR Art. 6(1)(f)) - To moderate discussions and prevent spam/abuse
• Legal obligation (GDPR Art. 6(1)(c)) - To comply with legal requirements

4. Purpose of Processing

Your data is used for:

• Displaying your comments in the discussion section
• Moderation and preventing spam/abuse
• Responding to your comments (by AI or moderators)
• Sending notifications about replies (if you opted in)
• Security and fraud prevention
• Compliance with legal obligations

5. Data Retention

We retain your data for:

• Published comments - Until you request deletion or indefinitely as part of article history
• Pending/rejected comments - 90 days
• IP addresses and logs - 12 months for security purposes
• Marketing consent records - Until consent is withdrawn + 3 years for legal proof

6. Who Has Access to Your Data

Your data may be accessed by:

• Our AI moderation system - Automated review and spam detection
• Human moderators - Manual review when needed
• Technical administrators - For system maintenance
• Third-party services:
  • OpenAI API - For AI-powered comment analysis and responses (anonymized)
  • Database hosting providers - Secure data storage
  • Email service providers - For notifications (if you opted in)

7. Data Sharing with Third Parties

We do NOT sell your personal data. We may share data with:

• AI Service Providers - Comment text (without email) is sent to OpenAI for analysis
• Cloud Infrastructure - Data stored on secure servers (EU region preferred)
• Law Enforcement - Only when legally required by court order

All third-party processors are bound by GDPR-compliant data processing agreements.

8. Your Rights Under GDPR

You have the right to:

• Access - Request a copy of your personal data
• Rectification - Correct inaccurate data
• Erasure ("Right to be Forgotten") - Request deletion of your data
• Restriction of processing - Limit how we use your data
• Data portability - Receive your data in a machine-readable format
• Object - Object to processing based on legitimate interest
• Withdraw consent - At any time, without affecting lawfulness of prior processing
• Lodge a complaint - With your local data protection authority

To exercise these rights, contact us at: privacy@boopycode.com

9. Comment Moderation

All comments are subject to moderation:

• Comments are reviewed before publication (manual or AI-assisted)
• We may edit or remove comments that violate our terms
• Spam, abusive, or illegal content will be rejected
• We reserve the right to ban users who repeatedly violate rules

10. Cookies and Tracking

The comment system may use:

• Session cookies - To remember your form data during submission
• Local storage - To save your name/email for future comments (optional)

For more information, see our Cookie Policy.

11. Data Security

We protect your data using:

• SSL/TLS encryption for data transmission
• Encrypted database storage
• Access controls and authentication
• Regular security audits
• Backup systems

12. International Data Transfers

Some of our service providers (e.g., OpenAI) are located outside the EU. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Data minimization (only necessary data is transferred)

13. Children's Privacy

Our services are not directed at children under 16. If you are under 16, please do not submit comments without parental consent.

14. Changes to This Policy

We may update this policy. Changes will be posted on this page with a new "Last Updated" date. Continued use after changes constitutes acceptance.

15. Contact Information