Privacy Policy
Last updated: April 28, 2026
AICommunityLab is a free, non-commercial community platform. This notice describes how personal data is processed in connection with registration via Google and use of the site, in accordance with Regulation (EU) 2016/679 (GDPR), Hungarian Act CXII of 2011 (Infotv.), and Article VI(3) of the Fundamental Law of Hungary.
1. Data Controller
Name: AICommunityLab (non-commercial community project)
Contact: aicommunitylab@gmail.com
Website: https://aicommunitylab.hu
This project is operated by a private individual on a non-commercial basis. No separate Data Protection Officer (DPO) has been appointed, as the processing does not meet the conditions of Article 37(1) GDPR.
2. Categories of Personal Data Processed
Data received from Google (via OAuth, minimum scopes only):
- Google account identifier (sub)
- Email address
- Display name
- Profile picture (avatar URL), if available
Data generated by use of the service:
- Username and profile information you choose to provide
- Public comments and content you post on the platform
- Votes, reactions and similar interactions
Technical data:
- IP address
- Browser and device information (user agent)
- Session and authentication tokens
- Server and security logs
3. Purposes of Processing
- Creating and operating user accounts
- Authenticating users via Google sign-in
- Enabling commenting and other community features
- Operating, maintaining and improving the website
- Ensuring security and preventing abuse and fraud
- Complying with legal obligations
In line with the data minimisation principle (Article 5(1)(c) GDPR), only the data strictly necessary for these purposes is processed.
4. Legal Basis
- Article 6(1)(b) GDPR – performance of the user agreement: account creation, sign-in, publishing and storing comments, and providing the core community functionality.
- Article 6(1)(f) GDPR – legitimate interests: security, abuse and fraud prevention, integrity of the platform, and basic operational logging.
- Article 6(1)(c) GDPR – compliance with legal obligations, where applicable.
5. Source of Data
Account data (name, email and profile picture) is received from Google through the OAuth sign-in flow you initiate. All other data is collected directly from you when you use the service.
6. Recipients and Data Processors
The following service providers may process personal data on our behalf:
- Supabase – authentication and database (EU region)
- Vercel – hosting and content delivery (EU region)
- Google LLC – OAuth identity provider
Public comments and the associated public profile (display name and avatar) are visible to all visitors of the site by their nature.
7. International Data Transfers
We aim to keep processing within the European Economic Area. Where a processor (such as Google) transfers data to a third country, the transfer is covered by the safeguards required under Chapter V GDPR (e.g. EU–US Data Privacy Framework or Standard Contractual Clauses).
8. Data Retention
- Account data: stored while the account is active, deleted upon account deletion request or after a reasonable period of inactivity.
- Public comments and content: kept until you delete them or your account, or until removed by moderation. After account deletion the author attribution is anonymised.
- Technical and security logs: typically kept for up to 30 days, longer only if required for incident handling or by law.
9. Your Rights
Under Articles 15–22 GDPR you have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Object to processing based on legitimate interest
- Data portability, where applicable
- Withdraw consent at any time, where applicable
To exercise these rights, contact us at aicommunitylab@gmail.com. We will respond within one month (Article 12(3) GDPR).
10. Right to Lodge a Complaint
You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
- Address: 1055 Budapest, Falk Miksa utca 9–11.
- Email: ugyfelszolgalat@naih.hu
- Website: naih.hu
11. Data Security
We apply technical and organisational measures appropriate to the risk, including HTTPS/TLS encryption in transit, access control, hardened authentication via Google OAuth, isolation of environments, and logging for incident handling (Article 32 GDPR).
12. Cookies
The service only uses cookies strictly necessary for operation, such as session and authentication tokens. No tracking, advertising or third-party analytics cookies are set without your consent.
13. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal effects within the meaning of Article 22 GDPR.
14. Changes to this Policy
This Privacy Policy may be updated to reflect changes in the service or applicable law. The current version is always available on this page, with the date of the last update shown at the top.
15. Contact
For any privacy-related questions: aicommunitylab@gmail.com