Privacy Policy
Last updated: April 2026
1. Overview
This website (www.simonoster.com) is the personal portfolio of Simon Oster. I take your privacy seriously and handle your data responsibly. This policy explains what information is collected, how it is used, and your rights.
2. Data Controller
Simon Oster — see the Imprint for full contact details.
3. Data Collected
3.1 Contact Form
When you submit the contact form, your name, email address, subject, and message are stored in our database to respond to your inquiry. This data is processed based on your consent (Art. 6(1)(a) GDPR).
3.2 Booking System
Booking a session (Coffee Chat, Consultation, Seminar) requires your name, email, and optional message. This data is stored to facilitate scheduling and is processed based on your consent and the necessity to perform a pre-contractual arrangement (Art. 6(1)(b) GDPR).
3.3 Newsletter Subscription
When you subscribe to the newsletter, your email address is stored. You can unsubscribe at any time. Processing is based on your explicit consent (Art. 6(1)(a) GDPR).
3.4 AI Chat Assistant ("Simon Says")
The chat assistant is powered by OpenAI. When you use it, your messages and the AI's responses are sent to and processed by OpenAI's API (OpenAI, Inc., San Francisco, USA). Conversations are also logged to LangSmith (LangChain, Inc., USA — EU data residency) for quality monitoring, evaluation, and improvement of the chat experience. No personally identifiable information is intentionally collected through the chat, but please avoid sharing sensitive personal data in the conversation.
For details on how OpenAI processes data, see the OpenAI Privacy Policy.
3.5 Hosting & Technical Data
This website is hosted on Vercel. Vercel may collect standard server logs including your IP address, browser type, and access times. This is necessary for the operation and security of the website (Art. 6(1)(f) GDPR). See the Vercel Privacy Policy.
3.6 Analytics
This website uses Vercel Analytics to collect anonymized usage data such as page views, referrers, and device information. Vercel Analytics is privacy-friendly and does not use cookies or track individual users across sites. Data is processed by Vercel, Inc. (USA) and is used solely to understand site usage and improve the experience. See the Vercel Analytics Privacy Policy.
4. Cookies
This website uses only essential cookies required for functionality (e.g., theme preference). No third-party tracking or analytics cookies are used. Session data for the chat assistant is stored in your browser's sessionStorage and is automatically cleared when you close the tab.
5. Third-Party Services
| Service | Purpose | Provider |
|---|---|---|
| OpenAI API | AI Chat Assistant | OpenAI, Inc. (USA) |
| LangSmith | Chat observability & evaluation | LangChain, Inc. (USA — EU data residency) |
| Vercel | Hosting | Vercel, Inc. (USA) |
| Vercel Analytics | Anonymized usage analytics | Vercel, Inc. (USA) |
Data transfers to the USA are conducted under appropriate safeguards, including the EU-U.S. Data Privacy Framework where applicable.
6. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
To exercise any of these rights, please contact me.
7. Data Retention
Contact form submissions and bookings are retained for up to 12 months after the inquiry or engagement is completed, then deleted. Newsletter subscriptions are retained until you unsubscribe. You may request earlier deletion of your data at any time — please contact me.
8. Changes to This Policy
This policy may be updated from time to time. The "Last updated" date at the top reflects the most recent revision.