Effective Date: 17 June 2025
Last Updated: 24 August 2025
This Policy explains how Forecastler (the “Platform”, “we”, “us”, “our”) collects, uses, shares, and protects your data when you use our services. By using the Platform, you confirm that you have read and understood this Policy together with our Terms of Use and Disclaimer. If you do not agree, please do not use the Platform.
Controller: Forecastler Team
Privacy contact: forecastlerteam@gmail.com
If we appoint a Data Protection Officer (DPO), we will publish their details here.
• Platform/Service: the Forecastler website, applications, APIs, and related systems.
• User: a person using the Service (registered or unregistered).
• Personal data: information relating to an identified or identifiable natural person.
• Processing: any operation performed on personal data (e.g., collection, storage, use, disclosure).
This Policy aligns with general data-protection principles under applicable laws (including the GDPR and the Serbian Personal Data Protection Act).
3.1 Data you provide
• Text inputs (questions, context descriptions, etc.) — used solely to generate AI answers.
• Communications with us (e.g., support requests, complaints).
Note on accounts. Registration is not currently enabled. We do not collect account data (name, username, password). If we introduce accounts, we will update this Policy before such processing begins.
3.2 Data collected automatically
• Technical and log data: IP address, access date/time, URL requests, device/browser identifiers, OS version, language settings, errors, diagnostics.
• Usage data: e.g., number of queries, clicks, page views, session duration.
3.3 Cookies and similar technologies (Google Analytics 4 in cookieless mode)
We do not set cookies for analytics. We use Google Analytics 4 (GA4) in a cookieless configuration, so traffic measurement relies on aggregated, non-identifying signals and does not use local device identifiers stored on your device.
Standard server logs do not contain the content of your inputs and are used solely for security and diagnostics. localStorage/sessionStorage are used only for interface functionality (see the Cookies Policy) and are not connected to GA4.
GA4 privacy (EU mode):
– In the EU, GA4 does not log or store IP addresses; IP is discarded before logging.
– We do not enable Google Signals or advertising features; we do not personalize and do not connect GA4 to external advertising products.
– We do not send GA4 any personal data (PII) such as names, email addresses, or account identifiers.
Note: If we later introduce cookies (e.g., for more detailed analytics or advertising), we will update this Policy and, where required, obtain your consent before setting any non-essential cookies.
3.4 Sensitive data
We do not seek sensitive data (e.g., health, political/religious beliefs, sexual orientation, biometrics). Please do not submit such data.
If you choose to submit them, you provide explicit consent for processing within this Policy’s scope; you may withdraw consent (see Your rights).
3.5 Input privacy and visibility
• Your text inputs are used solely to generate AI answers and are not publicly visible to other users.
• We do not share your inputs with other users unless you publish them via a feature you intentionally activate.
• We may use anonymized/aggregated data for statistics and service improvement, without enabling identification of you.
We process data only where a legal basis exists (GDPR Art. 6 or equivalent national law):
• Service delivery (contract/pre-contractual steps).
• Security and abuse prevention (our legitimate interests).
• Communications (contract/legitimate interests).
• Marketing (only with your consent; you can withdraw at any time).
• Legal obligations (e.g., responding to lawful requests).
• Model improvement/AI evaluation (legitimate interests or consent; see §7).
• Usage analytics (GA4, cookieless): processing under legitimate interests (Art. 6(1)(f) GDPR) for basic traffic, performance, and stability measurement without cookies and without personalization. We conducted a balancing test and apply minimization measures (no IP logging in GA4, no PII, no advertising features). If we later introduce cookies or ad features, the legal basis for those purposes will be your consent (Art. 6(1)(a)).
• To provide core functionality (processing inputs, generating answers).
• To personalize the experience (e.g., interface language).
• To measure performance and troubleshoot technical issues.
• To prevent abuse (spam, malicious activity).
• To communicate with you (support, service notices, optional newsletters).
• To analyze aggregated trends and improve model/service quality.
• “No-storage” mode: when enabled, text inputs are retained only as technically necessary to generate the answer, then deleted or anonymized.
We do not sell personal data. We may share data:
• With processors (hosting, security, technical support) acting on our instructions under a data-processing agreement (without any right to publish your inputs).
• With third parties at your request/consent (e.g., integrations).
• For legal compliance (in response to lawful requests by authorities).
• In corporate changes (merger/acquisition/reorganization), with appropriate safeguards and notice.
• Processor – analytics: we use Google Ireland Limited (Google Analytics 4) as our processor for cookieless traffic measurement. In limited cases, data may be transferred to related entities of Google LLC (USA) with appropriate safeguards (e.g., Standard Contractual Clauses and/or other valid transfer mechanisms). GA4 is configured with no IP logging, no Google Signals, and no PII.
If we use third-party analytics/advertising services in the future, you will be informed in the Cookies Policy and/or a preferences center.
The Platform generates YES/NO answers and probability percentages using AI models for informational purposes and does not produce legal or similarly significant effects about you without human involvement.
• Your information may be used for evaluations and model improvement based on legitimate interests or your consent, with available opt-out mechanisms.
• We will apply pseudonymization/anonymization where reasonably possible and lawful.
Data may be processed outside your jurisdiction. We apply appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions, technical/organizational measures) to ensure a protection level consistent with applicable law.
Where necessary for GA4, we rely on valid transfer mechanisms and apply minimization (no cookies, no IP, no PII).
We implement technical and organizational measures (access control, in-transit encryption, segmentation, access logging, regular security reviews). No system is 100% secure; you are responsible for keeping any access credentials confidential.
We keep data only as long as necessary for the purposes in this Policy, unless a longer period is required or permitted by law. As a guideline:
• Log/technical records: typically 12–24 months.
• localStorage/sessionStorage: on your device until you delete it or the app resets local data.
• Analytics (GA4, cookieless): retained according to GA4’s event-data settings — up to 2 months (default) or up to 14 months if we expressly extend it; then deleted or anonymized. Aggregated reports (without user identification) may be kept longer for historical metrics.
“No-storage” mode: inputs are not retained after processing completes (except short technical logs without the input text itself).
Subject to law, you have the right to be informed and to access your data; to rectify inaccuracies; to erase data (“right to be forgotten”); to restrict processing; to data portability; to object (to processing based on legitimate interests or to direct marketing); and to withdraw consent (without affecting prior lawful processing).
You may request deletion of your text inputs and related personal data. After verifying your identity, we will delete/anonymize them within a reasonable time, unless retention is legally required.
You also have the right to object to analytics processing based on legitimate interests; in such case we will stop processing your data for that purpose unless we demonstrate compelling legitimate grounds.
Send requests to forecastlerteam@gmail.com We will respond within 30 days or the statutory period. You also have the right to lodge a complaint with the Serbian Data Protection Authority or the authority in your country of residence.
The Platform is not intended for persons under 13. Individuals 13–18 may use the Platform with parental/guardian consent and supervision. If you believe we process a child’s data without a valid basis, please contact us.
External sites have their own policies; we are not responsible for their content or practices. We recommend reviewing their policies before use.
We send marketing messages only with your consent. You can unsubscribe at any time (via the email link or by contacting us per §1). Service notices may be exempt from opt-out.
We may update this Policy from time to time. New versions will be posted with an updated date; your continued use of the Platform signifies acceptance of the changes.
The Platform may be available in multiple languages. In case of any inconsistency between translations, the English version prevails unless mandatory rules of your residence require otherwise.
