Privacy — Integrator

Status note. This page is the privacy notice for integrator.polistician.ai. What follows describes (a) the operation of this marketing page and (b) the data architecture of the live service.

Controller

This marketing page

The page is hosted on Amazon Web Services (Lightsail, Frankfurt region). Standard web-server logs (IP, user-agent, timestamp) are produced server-side and rotated after 14 days. No cookies are set, no tracking is used, and no third-party analytics scripts are loaded. Web fonts are loaded from Google Fonts; when that connection is enabled, the browser transmits the IP address to Google. A self-hosted variant is planned.

The notify form

The only interactive element on the page is an email field for notification at lift-out. On submit the address is posted to the endpoint /api/diss-request with the marker kind="integrator_interest" and stored in a SQLite database on the server above. No automatic mail-out is performed — the address is used exactly once, to notify when Integrator is available as a product. The address can be deleted at any time on request to the email above.

Architecture of the prototype (no production multi-user operation)

The architecture described on the marketing page (connector discovery, OAuth token vault, event-bus health system) runs inside the application SOMA and processes only the operator’s own data. Integrator does not run as a standalone multi-user service. Concretely, in the prototype:

• Tokens are stored encrypted in the SQLite schema data_sources. Encryption uses Fernet (symmetric). The key is loaded from an environment variable on the server.
• Refresh tokens are written back to the same encrypted column on rotation.
• Health data (record counts, error messages) is logged on the soma_events bus — without payload contents.
• Connectors (Garmin, Google, Weather, Screen Time, Supernote, crypto portfolio) decrypt tokens server-side at API-call time. End-to-end encryption is explicitly not claimed.

At lift-out (planned)

Once Integrator is available as a standalone product, this privacy notice will be revised before any multi-user operation begins. In particular, data-processing agreements with third-party providers (Garmin, Google, etc.) and a permission model for granular per-app subscriptions will be documented at that point.

What this page explicitly does not do

• No tracking, no cookies, no pop-ups.
• No transmission of form data to third parties.
• No processing of third-user data — the prototype runs only against the operator’s own accounts.
• No newsletter signup. The notify field is a one-time notification — nothing more.

Legal basis

Processing the email address from the notify form: Art. 6(1)(a) GDPR (consent by submission). Server logs: Art. 6(1)(f) GDPR (legitimate interest in stable operation).

Retention

Server logs: 14 days. Notify addresses: until the lift-out notification is sent, then deletion. Immediate deletion on request by mail.

Your rights (Art. 15 ff. GDPR)

Access, rectification, deletion, restriction, objection, complaint to a supervisory authority. Informal requests to the email above.