Privacy policy
Last updated 2026-04-21
LLM Radar is a small, editor-run site reviewing AI models and API providers for EU compliance. We try to collect as little personal data as possible and to tell you plainly what we do collect. No cookies. No ad trackers. One privacy-respecting analytics tool (Umami, see §3).
1. Who is the data controller
Ali Madjaji, sole operator of LLM Radar (llmradar.eu). Contact for any privacy question: privacy@llmradar.eu.
2. What we collect and why
Only the data you deliberately send us, plus minimal server-side logs needed to keep the site usable:
- Feedback forms (/corrections, /right-of-reply, /suggest): the text of your submission plus an optional email address if you want a reply. Legal basis: your consent (GDPR Art. 6(1)(a)).
- EU-readiness report download: your email address (required to deliver the PDF you asked for), plus — only if you tick the boxes — a per-entry watchlist subscription and/or our quarterly update subscription. Legal basis: performance of the service you requested (Art. 6(1)(b)) for the PDF; consent (Art. 6(1)(a)) for the optional opt-ins.
- Compliance advisor (/advisor): your answers live only in the URL and in your browser. We don't store them on our servers.
- Abuse-prevention logs: when you submit a form or download a report, we store a one-way SHA-256 hash of your IP address (salted, not reversible) and your browser's user-agent string. This is used only to detect spam and to enforce per-IP rate limits. Legal basis: our legitimate interest in keeping the site working (Art. 6(1)(f)).
We do not use cookies, pixels, session replay, fingerprinting, Google Analytics, or any ad-tech tracker. We do use Umami (see §3) — a cookieless analytics tool that stores only anonymous, aggregated page-view counts and referrer domains. No individual user can be identified from what Umami records.
3. Who processes the data on our behalf
- Vercel Inc. (USA) — web hosting. Data in transit may pass through US infrastructure; transfers are covered by Standard Contractual Clauses and the EU–US Data Privacy Framework.
- Supabase Inc. (USA, with AWS EU regions) — database. LLM Radar's database is provisioned in an EU region; the same SCC framework applies for any administrative access.
- Umami Software Inc. — cookieless page-view analytics. Umami Cloud is hosted in Germany (Hetzner) and stores only aggregated, anonymous counts: page URL, referrer domain, browser family, OS family, country (derived from IP then discarded). No cookies are set. No individual visitor profiles are built. See Umami's privacy page for the full data-processing list.
No data is sold, shared with advertisers, or used to train models.
4. How long we keep data
- Feedback submissions: up to 12 months after triage, then deleted unless still relevant to an active correction thread.
- Dossier-request log (the audit trail of who downloaded what): 24 months, then deleted.
- Watchlist & newsletter subscriptions: until you unsubscribe. Every email we send includes a one-click unsubscribe link.
- Abuse-prevention logs (IP hash, user-agent): 30 days.
5. Your rights under GDPR
Under Articles 15–22 of the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data deleted (“right to erasure”);
- restrict or object to processing;
- withdraw any consent you've given, at any time;
- lodge a complaint with your national supervisory authority (for France: CNIL; for Germany: your Land's DPA; etc.).
To exercise any of these, email privacy@llmradar.eu. We aim to respond within 30 days as required by law.
6. Children
LLM Radar is aimed at compliance, procurement, and engineering professionals. We don't knowingly collect data from anyone under 16.
7. Changes to this policy
Material changes are announced on the changelog with the date shown at the top of this page. We don't retroactively apply new uses of data to information collected under an older policy without your consent.