Data controller: Xoens ApS, Vanløse, Copenhagen, Denmark
CVR: 46225430
Contact: teitfoens@gmail.com
1. Introduction
This privacy policy explains how Xoens ApS ("we", "us") processes personal data when you visit our website xoens.dk and use the AI chatbot feature. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Danish data protection law.
2. What Data We Collect
2.1 Website Analytics (PostHog)
If you accept analytics cookies, we use PostHog to understand how visitors use our website. PostHog collects:
- Page views and navigation: Which pages you visit and how you navigate the site.
- Interactions: Button clicks (e.g. CV download, chat opened) and page leave events.
- Technical data: Browser type, screen size, and general location (country/region).
PostHog data is processed and stored in the EU (eu.i.posthog.com). We use anonymous profiles only — no personal identification, no cross-site tracking, no advertising. PostHog is only loaded if you accept analytics cookies via the cookie banner.
2.2 AI Chatbot
If you choose to use the AI chatbot, the following data is processed:
- Your chat messages: The text you type into the chatbot.
- AI responses: The replies generated by the AI.
- IP address: Used to enforce rate limiting (max 20 messages per session, 200 per day).
- Conversation history: Up to 20 messages are kept in server memory during your session to provide conversational context. This is automatically deleted after 30 minutes of inactivity.
2.3 Chat Logging (Supabase)
When you use the chatbot, the following data is logged to our database (hosted by Supabase in the EU) for operational purposes:
- Your chat messages and message type (question, job analysis, etc.)
- IP address
- Geolocation derived from IP: Country, city, and organization/ISP (looked up via ipwho.is)
- Technical metadata: Browser type (user agent), referring page, response length, AI provider used, and estimated cost
This logging serves two purposes:
- Operational monitoring: Ensuring the chatbot works correctly, debugging issues, and managing costs.
- Business insight: Understanding what recruiters and visitors ask about, so we can improve the chatbot and our professional presentation.
3. How We Use Your Data
- Analytics: Understanding website usage patterns to improve the site (only with your consent).
- Chatbot functionality: Processing your messages with the AI model to generate relevant responses about Teit Føns' professional background.
- Operational monitoring: Logging chat interactions to monitor chatbot quality, debug issues, and manage costs.
- Business insight: Reviewing what visitors ask to improve our professional presentation.
- Rate limiting: Preventing abuse and controlling costs by limiting the number of messages per session and per day.
- Website delivery: Serving the website content to your browser.
We do not use your data for advertising, automated profiling, or resale to third parties.
4. Legal Basis for Processing
We process your data under the following GDPR legal bases:
- Consent (Art. 6(1)(a)): For analytics cookies (PostHog). You choose whether to accept or reject analytics via the cookie banner. You can change your choice at any time by clearing your browser’s local storage.
- Consent (Art. 6(1)(a)): For the AI chatbot and associated chat logging. You must explicitly accept before using the chatbot. You can withdraw consent at any time by stopping use of the chatbot.
- Legitimate interest (Art. 6(1)(f)): For rate limiting via IP address in server memory, to protect against abuse and manage operational costs. Our interest in preventing misuse is balanced against the minimal privacy impact (rate-limiting data stored in memory only, auto-deleted after 30 minutes).
5. Data Retention
- Analytics data (PostHog): Retained according to PostHog’s data retention settings. We use anonymous profiles only.
- Chat logs (Supabase): Automatically deleted after 90 days. You can also request immediate deletion by contacting us.
- Conversation context (server memory): Automatically deleted after 30 minutes of inactivity.
- IP addresses for rate limiting (server memory): Automatically deleted after 30 minutes of inactivity.
6. Data Transfer to Third Countries (Anthropic)
When you use the AI chatbot, your messages are sent to Anthropic, PBC, a company based in the United States, which operates the Claude AI language model.
What is sent to Anthropic:
- Your chat messages
- A system prompt describing Teit Føns' professional background (this does not contain your data)
- Previous messages in the conversation (for context)
What is NOT sent to Anthropic:
- Your IP address
- Your browser information
- Any identifying metadata
Safeguards for the transfer:
The transfer of data to the US is based on Anthropic's commitment to data protection, including:
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Anthropic's data processing terms and privacy commitments
- Anthropic does not use API customer data to train its models
For more information, see Anthropic's privacy policy at anthropic.com/privacy.
7. Data Security
- All communication between your browser and our server uses HTTPS/TLS encryption.
- All communication between our server and Anthropic's API uses HTTPS/TLS encryption.
- All communication with third-party services (Supabase, ipwho.is, PostHog) uses HTTPS/TLS encryption.
- The Anthropic API key is stored securely on the server and never exposed to browsers.
- Chat logs are stored in an EU-hosted database (Supabase) with automatic deletion after 90 days.
- The admin dashboard is protected by a server-side password.
- Rate limiting prevents abuse of the service.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request information about what data we process about you.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your data. Chat logs stored in our database are automatically deleted after 90 days, but you can request immediate deletion by contacting us.
- Right to restriction (Art. 18): Request limitation of processing.
- Right to data portability (Art. 20): Receive your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent: You can stop using the chatbot at any time. No further data will be processed.
- Right to complain: You can file a complaint with the Danish Data Protection Agency (Datatilsynet) at dt.dk.
To exercise any of these rights, contact us at teitfoens@gmail.com.
9. Cookies
This website uses cookies only for analytics (PostHog), and only if you accept via the cookie banner. The analytics cookies help us understand how visitors use the site.
- Cookie consent cookie: Stores your accept/reject choice in your browser’s local storage. This is strictly necessary and does not require consent.
- PostHog cookies: Set only if you accept analytics. Used to distinguish unique visitors and track page views. No personal identification. Data stored in the EU.
You can change your cookie preference at any time by clearing your browser’s local storage or site data for xoens.dk.
10. Data Processors
We use the following third-party services to process data on our behalf:
- Anthropic, PBC (US) — AI chatbot processing. See section 6.
- PostHog Inc. (EU hosting) — Website analytics. Only with your consent.
- Supabase Inc. (EU hosting) — Chat log storage. Data deleted after 90 days.
- ipwho.is — IP geolocation lookup via HTTPS (country, city, organization). No personal data is shared beyond the IP address.
11. Children's Privacy
This website and the chatbot are not intended for children under 16 years old. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Since we do not collect email addresses from website visitors, we cannot notify you of changes — please review this page periodically.
13. Contact
For any questions about this privacy policy or your data:
- Email: teitfoens@gmail.com
- Company: Xoens ApS
- Location: Vanløse, Copenhagen, Denmark
- CVR: 46225430