Ioan Biticu
Last updated: 16 June 2026
This policy explains what data ioan.dev handles and why. It applies alongside the Terms of Service. Short version: I collect as little as possible, and the interactive features are built to keep it that way.
store: false).The data controller for this Site is Ioan Biticu. For any privacy question or request, email ioan.biticu.dev@gmail.com.
| Data | When | Why |
|---|---|---|
| Chat messages you type | When you use the CV assistant | To generate an answer (sent to OpenAI) |
| Salted hash of your IP address + timestamp | Each CV-chat request | Per-visitor and site-wide rate limiting / abuse control |
| Your timezone, chosen project list, and Todoist API token | Only if you run the Todoist setup flow | To register and run the nightly due-date refresh you requested |
| Standard server logs (e.g. requests, errors) | Ongoing | To operate, debug, and secure the Site |
When you ask the assistant a question, your message and the public CV text are sent to OpenAI to produce an answer. I request that OpenAI not retain the exchange for training (store: false); OpenAI may still process it transiently and apply its own moderation under its policies. Please don’t enter sensitive personal information into the chat. I do not keep a durable, identifiable transcript of your conversation on the Site — chat state lives only for the duration of your connection.
The article summary/rewrite features run on a self-hosted local model. The article text and the generated output stay on my own infrastructure and are not sent to any third-party AI provider.
To stop abuse and cap cost, each CV-chat request is counted against a per-visitor and a site-wide limit. To do this I store a salted SHA-256 hash of your IP address together with a timestamp — never the raw IP address. Records older than the rate-limit window (currently 24 hours) are deleted automatically, and rotating the salt erases the link to any earlier counts.
This feature is entirely optional and only runs if you choose to set it up. During the flow you provide your timezone, optionally a list of projects, and your Todoist API token. The token is:
Because the nightly job needs the token to keep running, it is retained for as long as the job is active. You can ask me to delete it and cancel the job at any time by emailing ioan.biticu.dev@gmail.com. You can also revoke the token yourself in Todoist’s settings, which immediately stops it working.
The Site does not use advertising cookies, cross-site trackers, or third-party analytics. Any browser storage used is strictly functional (for example, remembering your interface preferences). Your browser may report your timezone to pre-fill the Todoist flow; that is used only for that purpose.
Rate-limiting hashes are kept only for the rolling limit window and then deleted. CV-chat conversations are not durably stored by the Site. Todoist tokens are kept while the job you registered is active and removed on request or when the job is cancelled. Server logs are kept for a short period for security and debugging.
Depending on where you live, you may have rights to access, correct, or delete your personal data, or to object to its processing. Because I deliberately avoid storing identifiable data for most features, there is usually little to retrieve — but for anything you have submitted (notably a Todoist token), email ioan.biticu.dev@gmail.com and I will action your request.
The Site is not directed at children and I do not knowingly collect data from anyone under 16.
I may update this policy; the “Last updated” date above reflects the current version. Material changes will be reflected here.
For any privacy question or request, email ioan.biticu.dev@gmail.com.