Privacy Policy
Last updated: 24 May 2026
1. Who we are
AIBrainBlog (www.aibrain.blog) is operated by Youness, the data controller. You can reach us at contact@aibrain.blog for any privacy-related request.
2. Personal data we collect
- Newsletter: email address, optional name, source page (e.g. footer, inline form) and timestamp.
- Contact form: name, email, subject, message, IP address (for spam prevention).
- Analytics: page views, referrer, device type, approximate location (country / city), session duration. Collected through Google Analytics 4 in an aggregated, pseudonymous form (IP anonymisation enabled).
- Advertising: when Google AdSense is active, Google and its partners may use cookies and device identifiers to serve ads. See §5.
- Logs: standard server logs (IP, user-agent, timestamps) kept up to 30 days for security and debugging.
3. Why we process your data (purposes & legal basis)
- Deliver the service (showing articles, sending the newsletter you opted into) — legal basis: performance of a contract / your consent.
- Improve content via aggregated analytics — legal basis: legitimate interest (and your consent in regions that require it).
- Run ads — legal basis: your consent (collected via the cookie banner where applicable).
- Comply with law (record keeping, fraud prevention) — legal basis: legal obligation / legitimate interest.
4. Third-party services we use
- Google Analytics 4 (Google Ireland Ltd) — visitor analytics. Privacy: policies.google.com/privacy.
- Google AdSense (Google Ireland Ltd) — advertising. See §5 for specifics.
- Unsplash (Unsplash Inc.) — cover-image hosting. Images are loaded from Unsplash's CDN, which may log your IP.
- Railway — application + database hosting (EU/US regions).
- SMTP provider (Hostinger) — transactional email delivery for newsletter and contact replies.
5. Cookies, AdSense & personalised advertising
We use cookies (small text files stored in your browser) for essential site features, analytics and — where active — advertising. The full inventory is in our Cookie Policy.
When AdSense is enabled, the following also apply:
- Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this site and other sites on the Internet.
- Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to our site and/or other sites on the Internet.
- Users may opt out of personalised advertising by visiting Google's Ads Settings. They may also opt out of a third-party vendor's use of cookies for personalised advertising by visiting www.aboutads.info.
- Consent is opt-in. All visitors see a consent banner on first visit; advertising and analytics cookies stay disabled until the visitor accepts. Consent can be updated or withdrawn at any time via the "Cookie settings" link in the footer.
- We implement Google Consent Mode v2: the signals
ad_storage, ad_user_data, ad_personalization and analytics_storage are denied by default before any tracker loads, and flip to granted only after the visitor opts in. This is the GDPR + ePrivacy requirement in the EEA, UK and Switzerland.
6. International data transfers
Some of our processors (Google, Unsplash, Hostinger) are based in the United States. Transfers rely on the EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
7. How long we keep your data
- Newsletter subscribers: until you unsubscribe.
- Contact messages: up to 24 months, then deleted.
- Server logs: 30 days.
- Analytics events (GA4 default): 14 months.
8. Your rights
Under the GDPR (EEA / UK) and equivalent regimes (CCPA / CPRA in California, LGPD in Brazil, etc.) you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Data portability (receive your data in a structured format)
- Withdraw consent at any time (for cookies and the newsletter)
- Lodge a complaint with your local data-protection authority
To exercise any of these rights, email contact@aibrain.blog — we respond within 30 days.
9. Children
AIBrainBlog is not directed at children under 16. We do not knowingly collect their data. Parents who believe their child has provided data may contact us for deletion.
10. Security
We use HTTPS everywhere, hashed passwords (bcrypt), and access controls limiting personal data to the editorial team. No system is 100 % secure; we disclose breaches within 72 hours where legally required.
11. Changes to this policy
We may update this policy. Material changes are announced on this page and (for significant changes) via the newsletter. The "Last updated" date at the top reflects the latest revision.