Privacy Policy

This Privacy Policy explains how The Gideon Project ("TGP", "we", "us", or "our") collects, uses, stores, and shares personal data when you use our website, contact us, or submit a partner inquiry.

TGP is based in Aarhus, Denmark. If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us at [email protected].

This Privacy Policy covers personal data collected through the public TGP website, including browsing activity on the site, contact inquiries, partner applications, and related communications connected with potential projects or collaboration discussions.

It does not automatically govern how client products, client platforms, or third-party services process personal data. Those products or services may have their own privacy terms, data processing terms, or contractual arrangements.

Depending on how you interact with the site, we may collect the following categories of personal data:

• contact details and message content, such as your name, email address, subject line, and the content of your inquiry
• partner application details, such as your name, email address, company name, website, selected partner type, and your message
• technical and usage data, such as IP address, page path, page title, referrer information, source origin, session or visitor identifiers, browser information, operating system, device type, and time spent on pages
• communications and follow-up records connected with project discussions, partnership discussions, or support-style contact

We collect personal data directly from you when you contact us, submit a form, email us, or otherwise communicate with us.

We also collect limited technical data automatically when you browse the site, including when analytics or similar website measurement tools are enabled based on your cookie or storage choices.

We use personal data to operate and improve the website, understand usage patterns, respond to inquiries, review potential partnerships, discuss possible work opportunities, protect our systems, and manage communications through our internal dashboard and related workflows.

• provide and maintain the website
• measure traffic and understand which pages or sources are useful to us
• respond to contact requests and project inquiries
• review and process partner applications
• manage internal records connected with potential clients, partners, and communications
• detect abuse, investigate issues, and protect the website and connected systems

Where required by applicable law, we rely on one or more legal bases to process personal data.

For website analytics or similar technologies that require consent, we rely on your consent.

For inquiries, partner applications, communications, website security, and day-to-day operation of the site, we generally rely on our legitimate interests in running and protecting TGP, managing incoming requests, and developing business relationships.

In some cases, we may also process data where doing so is necessary to take steps at your request before entering into an agreement or to comply with legal obligations.

The website may use cookies or similar technologies, including browser local storage and session storage, to remember consent choices and, where you allow it, to support website analytics.

If analytics are enabled, we may generate visitor and session identifiers and collect related usage information such as visited pages, timing information, referrer data, browser details, device type, operating system, IP address, and user-agent data.

Analytics events are handled through TGP's internal dashboard infrastructure. You can accept or decline analytics-related storage and tracking through the website's consent flow.

We do not sell personal data.

We may share personal data with service providers and infrastructure partners that help us run TGP and the website. Depending on the context, this may include hosting or infrastructure providers, our internal dashboard infrastructure, Midori AI, and technology providers we use in connection with our workflows, including OpenAI and Anthropic.

By default, inquiry and application data are handled internally within TGP. In rare cases, we may share relevant information with an independent partner where that is reasonably connected to your request, project discussion, or partnership discussion.

We may also disclose personal data where necessary to comply with law, enforce our rights, protect the website or our systems, or in connection with a business or operational reorganization.

Because some of the providers and tools used in connection with TGP operate internationally, personal data may be processed outside Denmark or the European Economic Area, including in the United States or other countries where our providers or their subprocessors operate.

This matters because providers such as Midori AI, OpenAI, and Anthropic may process data through infrastructure or teams located in the United States. Where required, we aim to use appropriate safeguards for international transfers, such as contractual protections, standard contractual clauses, or other lawful transfer mechanisms recognized under applicable data protection law.

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to respond to inquiries, evaluate applications, maintain internal records, operate the website, protect our systems, and meet legal, accounting, or operational requirements.

As a general rule, we aim to retain website analytics data, contact inquiries, partner applications, and lead or discussion records for around 30 to 90 days.

We may keep data for a longer period where this is reasonably necessary for an active conversation, project setup, security investigation, dispute, legal requirement, or legitimate business record.

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, disclosure, misuse, alteration, and loss. No system or transmission method is perfectly secure, and we cannot guarantee absolute security.

Depending on your location and applicable law, you may have the right to request access to personal data we hold about you, request correction or deletion, object to certain processing, request restriction of processing, withdraw consent where processing is based on consent, and request data portability where applicable.

You may also have the right to complain to a supervisory authority. If you are in Denmark, that authority is Datatilsynet.

The website is not directed specifically to children. Please do not submit sensitive or unnecessary personal data through the site. If you believe a child has provided personal data to us in a way that should not have happened, contact us and we will review the situation.

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The latest version will be posted on this page with an updated effective date.

If you have questions about this Privacy Policy or want to make a privacy-related request, contact us at [email protected].