Ioan Biticu

Privacy Policy

← back to CV

Last updated: 16 June 2026

This policy explains what data ioan.dev handles and why. It applies alongside the Terms of Service. Short version: I collect as little as possible, and the interactive features are built to keep it that way.

1. Summary

  • This is a personal site. There are no advertising or tracking cookies, and no third-party analytics.
  • The CV chat sends your questions to OpenAI to generate answers; conversations are not stored for model training (store: false).
  • Article rewrites run on a self-hosted local model — that text does not leave my infrastructure.
  • For rate-limiting I store a one-way salted hash of your IP address, never the raw address.
  • If you use the Todoist setup flow, the API token you enter is used to configure a job on your own account and is handled as a secret.

2. Who is responsible

The data controller for this Site is Ioan Biticu. For any privacy question or request, email ioan.biticu.dev@gmail.com.

3. What I collect and why

DataWhenWhy
Chat messages you typeWhen you use the CV assistantTo generate an answer (sent to OpenAI)
Salted hash of your IP address + timestampEach CV-chat requestPer-visitor and site-wide rate limiting / abuse control
Your timezone, chosen project list, and Todoist API tokenOnly if you run the Todoist setup flowTo register and run the nightly due-date refresh you requested
Standard server logs (e.g. requests, errors)OngoingTo operate, debug, and secure the Site

4. The CV chat assistant

When you ask the assistant a question, your message and the public CV text are sent to OpenAI to produce an answer. I request that OpenAI not retain the exchange for training (store: false); OpenAI may still process it transiently and apply its own moderation under its policies. Please don’t enter sensitive personal information into the chat. I do not keep a durable, identifiable transcript of your conversation on the Site — chat state lives only for the duration of your connection.

5. Article rewrites

The article summary/rewrite features run on a self-hosted local model. The article text and the generated output stay on my own infrastructure and are not sent to any third-party AI provider.

6. Rate-limiting data

To stop abuse and cap cost, each CV-chat request is counted against a per-visitor and a site-wide limit. To do this I store a salted SHA-256 hash of your IP address together with a timestamp — never the raw IP address. Records older than the rate-limit window (currently 24 hours) are deleted automatically, and rotating the salt erases the link to any earlier counts.

7. The Todoist setup flow

This feature is entirely optional and only runs if you choose to set it up. During the flow you provide your timezone, optionally a list of projects, and your Todoist API token. The token is:

  • entered in a masked field and treated as a secret — it is never echoed back to the screen or written into the visible conversation;
  • used to validate your account and to register a nightly job that resets overdue due dates, as described in the article;
  • handled on my own infrastructure and transmitted between machines over a private network (Tailscale) — it is not shared with any unrelated third party.

Because the nightly job needs the token to keep running, it is retained for as long as the job is active. You can ask me to delete it and cancel the job at any time by emailing ioan.biticu.dev@gmail.com. You can also revoke the token yourself in Todoist’s settings, which immediately stops it working.

8. Cookies and tracking

The Site does not use advertising cookies, cross-site trackers, or third-party analytics. Any browser storage used is strictly functional (for example, remembering your interface preferences). Your browser may report your timezone to pre-fill the Todoist flow; that is used only for that purpose.

9. Third parties

  • OpenAI — processes CV-chat questions to generate answers.
  • Todoist — receives API calls made with the token you supply, if you use the setup flow.
  • Hosting / infrastructure providers — host the Site and store server logs on my behalf.

10. Retention

Rate-limiting hashes are kept only for the rolling limit window and then deleted. CV-chat conversations are not durably stored by the Site. Todoist tokens are kept while the job you registered is active and removed on request or when the job is cancelled. Server logs are kept for a short period for security and debugging.

11. Your rights

Depending on where you live, you may have rights to access, correct, or delete your personal data, or to object to its processing. Because I deliberately avoid storing identifiable data for most features, there is usually little to retrieve — but for anything you have submitted (notably a Todoist token), email ioan.biticu.dev@gmail.com and I will action your request.

12. Children

The Site is not directed at children and I do not knowingly collect data from anyone under 16.

13. Changes

I may update this policy; the “Last updated” date above reflects the current version. Material changes will be reflected here.

14. Contact

For any privacy question or request, email ioan.biticu.dev@gmail.com.

Terms of ServicePrivacy PolicyArticles