Data controller: Xoens ApS, Vanløse, Copenhagen, Denmark
CVR: 46225430
Contact: teitfoens@gmail.com
1. Introduction
This privacy policy explains how Xoens ApS ("we", "us") processes personal data when you visit our website xoens.dk and use the AI chatbot feature. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Danish data protection law.
2. What Data We Collect
2.1 Website Visits (All Visitors)
When you visit our website, we collect minimal technical data:
- IP address: Used for rate limiting on the chatbot. Stored in server memory only (not persisted to disk or database) and automatically deleted after 30 minutes of inactivity.
- Browser request data: Standard HTTP headers (browser type, referring page) are processed by our web server but not stored or logged.
We do not use cookies, analytics tools, tracking pixels, or advertising trackers on this website.
2.2 AI Chatbot (Only When You Use It)
If you choose to use the AI chatbot, the following data is processed:
- Your chat messages: The text you type into the chatbot.
- AI responses: The replies generated by the AI.
- IP address: Used to enforce rate limiting (max 20 messages per session, 200 per day).
- Conversation history: Up to 20 messages are kept in server memory during your session to provide conversational context. This is automatically deleted after 30 minutes of inactivity.
3. How We Use Your Data
- Chatbot functionality: Processing your messages with the AI model to generate relevant responses about Teit Føns' professional background.
- Rate limiting: Preventing abuse and controlling costs by limiting the number of messages per session and per day.
- Website delivery: Serving the website content to your browser.
We do not use your data for marketing, profiling, advertising, or any other purpose.
4. Legal Basis for Processing
We process your data under the following GDPR legal bases:
- Consent (Art. 6(1)(a)): For the AI chatbot. You must explicitly accept this privacy policy before using the chatbot. You can withdraw consent at any time by simply stopping use of the chatbot.
- Legitimate interest (Art. 6(1)(f)): For rate limiting via IP address, to protect against abuse and manage operational costs. Our interest in preventing misuse is balanced against the minimal privacy impact (IP stored in memory only, auto-deleted after 30 minutes).
5. Data Retention
- Chat messages and conversation history: Stored in server memory only. Automatically deleted after 30 minutes of inactivity. Never written to disk or database.
- IP addresses (rate limiting): Stored in server memory only. Automatically deleted after 30 minutes of inactivity.
- Server logs: We do not maintain access logs containing personal data.
We do not retain any personal data beyond the active session.
6. Data Transfer to Third Countries (Anthropic)
When you use the AI chatbot, your messages are sent to Anthropic, PBC, a company based in the United States, which operates the Claude AI language model.
What is sent to Anthropic:
- Your chat messages
- A system prompt describing Teit Føns' professional background (this does not contain your data)
- Previous messages in the conversation (for context)
What is NOT sent to Anthropic:
- Your IP address
- Your browser information
- Any identifying metadata
Safeguards for the transfer:
The transfer of data to the US is based on Anthropic's commitment to data protection, including:
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Anthropic's data processing terms and privacy commitments
- Anthropic does not use API customer data to train its models
For more information, see Anthropic's privacy policy at anthropic.com/privacy.
7. Data Security
- All communication between your browser and our server uses HTTPS/TLS encryption.
- All communication between our server and Anthropic's API uses HTTPS/TLS encryption.
- The Anthropic API key is stored securely on the server and never exposed to browsers.
- Chat data is held in volatile server memory only — it is not written to any database or log file.
- Rate limiting prevents abuse of the service.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request information about what data we process about you.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your data. Note: chat data is automatically deleted after 30 minutes, so in practice there is no persistent data to erase.
- Right to restriction (Art. 18): Request limitation of processing.
- Right to data portability (Art. 20): Receive your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent: You can stop using the chatbot at any time. No further data will be processed.
- Right to complain: You can file a complaint with the Danish Data Protection Agency (Datatilsynet) at dt.dk.
To exercise any of these rights, contact us at teitfoens@gmail.com.
9. Cookies
This website does not use cookies. No cookie consent banner is needed because we do not set any cookies, tracking pixels, or similar technologies.
10. Children's Privacy
This website and the chatbot are not intended for children under 16 years old. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Since we do not collect email addresses from website visitors, we cannot notify you of changes — please review this page periodically.
12. Contact
For any questions about this privacy policy or your data:
- Email: teitfoens@gmail.com
- Company: Xoens ApS
- Location: Vanløse, Copenhagen, Denmark
- CVR: 46225430