Privacy
Last updated: 2026-05-12
MyDataSights is a local-first application. The web app at app.mydatasights.app runs entirely in your browser, and the desktop builds run entirely on your machine. This page tells you the few exceptions and what they mean.
1. Who runs this site
See the imprint for operator identity and contact details.
2. What the server (mydatasights.app) processes
The marketing site you are reading and the SPA at
app.mydatasights.app are static files served by
Cloudflare Pages.
Cloudflare necessarily logs your IP address and
User-Agent for security, abuse prevention, and basic
service delivery. We do not configure these logs and do not have access to
query them at scale. Cloudflare retains them per its policy (typically less
than 30 days).
Legal basis (GDPR Art. 6(1)(f)): legitimate interest in delivering the site securely.
3. What is stored in your browser
The app uses IndexedDB, LocalStorage, and Cache Storage to keep:
- your workspace data (the files you drop in, your annotations);
- downloaded AI model files, so they don't have to re-download;
- the SPA shell, so the app works offline.
This storage is strictly necessary for the app to function (ePrivacy Directive 5(3) exemption) — you opened a workspace tool whose explicit purpose is to keep your data on your device. No consent banner is required, and we set no cookies.
You can clear this storage at any time via Settings → Reset Workspace inside the app, or via your browser's site settings.
4. Third parties your browser contacts
When you choose to download an AI model from inside the app, your browser
fetches it directly from Hugging Face Hub
(huggingface.co). Your IP and User-Agent are visible to Hugging
Face for that request. See Hugging Face's privacy policy.
The download happens once per model; the Service Worker caches it
locally afterwards.
No other third-party services — no analytics, no error reporting, no ad networks, no embedded media, no CDN-hosted fonts.
5. International transfers
Cloudflare and Hugging Face have their own published transfer mechanisms (Standard Contractual Clauses, adequacy decisions where applicable). We rely on their published posture and link to it rather than re-executing separate agreements at our scale.
6. Your rights under GDPR
You have rights of access, rectification, erasure, restriction, objection, and portability (Arts. 15–22 GDPR). Because we hold no personal data about you on our servers, most of these are exercised on your own device:
- Access / portability — Settings → Export Workspace inside the app produces a zip of everything we know about you. We have no separate copy to send.
- Erasure — Settings → Reset Workspace clears everything in your browser; or clear site data via your browser settings.
- Objection — close the tab.
If you believe we are processing your personal data unlawfully, you may contact [email protected] or lodge a complaint with your local data-protection supervisory authority.
7. Automated decision-making
The app runs AI models locally on your device. No automated decision produces a legal or similarly significant effect on you (GDPR Art. 22). All AI outputs are advisory and visible to you before you act on them.
8. Children
The app does not target children and does not knowingly collect data from them. There is no account system to collect data from in the first place.
9. Changes to this notice
We may update this notice to reflect changes to the app or the regulatory environment. Material changes will be flagged in the app's release notes.
10. Contact
[email protected]
See also the imprint.