This is a personal experiments website. The text below explains what personal data the site processes and why. If something here is unclear, write to julien.colot@gmail.com.

It's me Julien Colot, an EU-based individual (Belgium). There's no company, no team, it's a one-man show. Just personal internet personal lab with a few experiments running.

The site does not use any analytics, advertising, fingerprinting, or behavioural tracking.

When you sign in, the site stores a JSON Web Token in your browser'slocalStorage so you stay signed in across page reloads. Your email is also cached locally for the user-menu display. During the OAuth round-trip, a temporary value is stored insessionStorage to remember which page you were on so you land back there.

All of this is strictly necessary for the sign-in feature you explicitly asked for. None of it is used for tracking. Under the EU ePrivacy Directive's "strictly necessary" exception, this storage does not require a consent banner.

You can clear it any time by signing out (the toggle in the header).

No data is intentionally transferred outside the EU. The Google sign-in step is the one place where data may briefly transit Google's global infrastructure; that's outside this site's control and is governed by Google's policies.

Processing your account data and tasks is based on contract performance (Art. 6(1)(b)) — you signed in to use the site's features, so the site needs to handle your identity and your data to provide them. Server logs rely on legitimate interest (Art. 6(1)(f)) for debugging, abuse prevention, and operational security.

Under GDPR, you can:

• Access the data the site holds about you (your user record + tasks).
• Correct incorrect data (you can edit your tasks directly; for the user record, email me).
• Delete your account and all associated data ("right to erasure"). Email julien.colot@gmail.com with the email address you signed in with and I'll delete the record promptly.
• Export your data in a portable format. Same process — email me.
• Object to the processing or complain to your local data-protection authority.

User accounts and tasks are kept for as long as your account exists. On deletion, both are removed from the database. Server logs roll over within a few weeks.

Authentication tokens are signed with a secret only the server knows; tampered tokens are rejected. The connection between your browser and the backend is encrypted (HTTPS/TLS). Tasks are scoped to the authenticated user at the API layer — other signed-in users cannot read your data through the public API.

A practical note: as the site administrator, I have technical access to the database and can therefore read task data. I don't and I won't, but you're trusting that I won't. Don't put genuine secrets here. Another moral engagement: I won't train any AI models on this data, and I won't use it for any purpose other than providing the service. In particular, I won't process your data with any third-party services, any Large Language Models (LLMs) or even machine learning models. The only derived data that I might extract is aggregated statistics like "number of users" or "number of tasks", that would allow me to know how much I need to scale the infrastructure, and that's it.

If this notice changes meaningfully, the "Last updated" date at the top will move and any signed-in user will see a small notice on their next visit.

Anything related to your data: julien.colot@gmail.com.