Privacy Policy

Version 1.2 Effective: 14/09/2025 Current Version
← Back to Current Policy

All Versions

v1.2 14/09/2025 Privacy Policy Changes Summary Major Changes Made 1. Service Rebranding Added Section 1.3 - Service Rebranding Notice Documents transition from "The Dotty Initiative" to "Glorktelligence" Confirms continuity of all privacy protections and data handling practices Explains domain change from dotty-initiative.co.uk to glorktelligence.co.uk 2. Content Streamlining Removed Section 5 (Data Sharing and Third-Party Disclosure) - duplicate content Renumbered all subsequent sections (6→5, 7→6, 8→7, etc.) Consolidated data sharing information into Section 11 (formerly Section 12) Improved readability by eliminating redundant information 3. Legal Language Enhancement Updated Section 17 (Acknowledgment and Consent) Added explicit consent requirement language Clarified click-to-accept mechanism Added "legally binding agreement" clause for stronger legal protection 4. About Section Update Revised "About Glorktelligence" paragraph Changed from focus on "Void Smasher's creations, including game modifications" Updated to emphasize "privacy-first technology platform" Highlights rejection of tracking and data harvesting 5. Minor Corrections Fixed typo in Section 3.2 header (removed extra backtick) Updated all contact references to mention "dedicated contact area" Summary of Benefits Improved User Experience: Eliminated confusing duplicate content Enhanced Legal Protection: Stronger consent language and click-to-accept documentation Clear Rebranding Documentation: Transparent communication about service transition Better Positioning: Updated description reflects current platform focus on privacy-first technology
v1.1 08/09/2025 MAJOR UPDATE !!!! Data Transparency Notice Added Summary of Changes: Added Section 1.2 "Recent Privacy Improvements and Future Enhancements" Disclosed inadvertent IP address collection through Laravel's default session system Documented immediate corrective actions taken (switched to file sessions, purged existing IP data) Outlined our future plans for custom session handler development Reinforced commitment to proactive privacy protection and transparency Impact: This update demonstrates our ongoing commitment to identifying and correcting any unintended data collection, even when caused by framework defaults rather than deliberate design choices. Action Required: No action required from users. All corrective measures have been implemented automatically.
v1.0 30/08/2025 Initial Policy Creation
Privacy Policy
Effective Date: 31/08/2025
Last Updated: 15/09/2025

1. Introduction

Welcome to Glorktelligence ("we," "our," or "us"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and AI-powered services.

Our Commitment: We are committed to protecting your privacy and being transparent about our data practices. We only collect information that is necessary for providing our services.

1.2 Recent Privacy Improvements and Future Enhancements

Transparency Notice: We recently discovered that our session management system was inadvertently collecting IP addresses through Laravel's default session storage. This was not intentional and conflicted with our privacy-first principles. We have immediately:

- Switched to file-based sessions that do not collect IP addresses
- Purged all previously collected IP address data from our systems
- Updated our infrastructure to prevent future inadvertent data collection

Future Privacy Enhancement: We are exploring the development of a custom database session handler that would allow us to return to database-based session storage while maintaining complete control over what data is collected. This potential solution would eliminate Laravel's default IP address collection entirely while preserving the benefits of database session management that align with our infrastructure preferences.

This demonstrates our ongoing commitment to minimizing data collection and maintaining your privacy through both immediate action and continued privacy-focused development.

NOTICE: Above notice will be pushed to Historical Versions in 3 Policy Revisions

## 1.3 Service Rebranding Notice

**Effective Date: 15/09/2025**

**Historical Context:** This service was previously operated under the name "The Dotty Initiative." All references to "Glorktelligence" in this policy apply to the same service, technical infrastructure, and data processing practices that were previously provided under "The Dotty Initiative."

**Continuity of Service:** This rebranding represents a name change only. All privacy protections, data handling practices, user rights, and service commitments remain identical and uninterrupted. No changes have been made to:

- Data processing methods or storage location
- Privacy protection measures and encryption standards
- User rights under UK GDPR
- Security infrastructure or self-hosted server practices
- Our commitment to privacy-first principles and rejection of data harvesting
- Session management and cookie policies
- AI processing methods (local Ollama systems)

**Domain Transition:** Our service domain has changed from dotty-initiative.co.uk to glorktelligence.co.uk. All technical infrastructure, including our self-hosted servers and AI processing capabilities, remains unchanged during this transition.

**Historical Policies:** Previous versions of this privacy policy under "The Dotty Initiative" name remain available in our policy archive and reflect the same privacy standards and protections now provided under the Glorktelligence name. These archived policies demonstrate our consistent commitment to user privacy from our service inception.

**Contact Information Update:** All contact methods have been updated to reflect our new branding while maintaining the same dedicated privacy support and response times outlined in this policy.

2. GDPR Data Controller and Roles

Data Controller: Glorktelligence
Contact via dedicated contact area selecting Privacy
Location: United Kingdom

Data Protection Responsibilities:

Data Controller (Glorktelligence): Determines how and why personal data is processed
Data Processor: We act as our own data processor for all services
Data Protection Officer: For privacy inquiries, use our dedicated contact area selecting Privacy

3. Information We Collect and Legal Basis

3.1 Account Information

What we collect:

Name
Email address
Password (encrypted and securely stored)
Legal Basis: Contract Performance - This information is necessary to provide you with an account and deliver our services.

3.2 System-Generated Information

What we generate:

User role information (for access control and feature permissions)
Account creation timestamps
Chat tier assignments
Legal Basis: Legitimate Interest - We need this information to manage system access and provide appropriate service levels while protecting your interests.

3.3 Service Usage Data

What we collect:

AI Chat Messages: Your conversations with our AI chat system (securely encrypted - only you can access these)
Story Generation Requests: Prompts and generated stories
Usage Statistics: Basic usage counts for chat messages and sessions (for system management)
Legal Basis: Contract Performance - This data is necessary to provide the AI services you've requested and maintain system functionality.

3.4 Automatically Collected Information

What we collect:

Session cookies (essential for login functionality)
CSRF tokens (for security)
Instance preferences (for AI system administration)
Usage timestamps (for basic system management)
Legal Basis: Legitimate Interest - These are essential for website security, preventing fraud, and basic system operation.

4. How We Use Your Information

We use your information solely to:

Provide Services: Enable AI chat and story generation features
Maintain Security: Protect against unauthorized access and maintain system security
Improve Functionality: Monitor system performance and optimize AI responses
Account Management: Manage user accounts and access permissions
PDF Document Access: Provide secure viewing of admin-uploaded documents (no usage tracking)

We do NOT:

Sell your personal information to third parties
Use your data for advertising or marketing
Share your AI conversations or generated content with others
Track your browsing behaviour or website usage patterns
Track you across other websites


5. Data Storage and Security

5.1 Security Measures

All passwords are encrypted using industry-standard methods
AI conversations and generated content are encrypted in our database
Access to personal data is restricted to essential system functions only
Regular security updates and monitoring

5.2 Data Encryption and Protection

Automatic Encryption: All personal data you enter into our dashboard features is automatically encrypted using AES-256-CBC encryption before being stored in our database. This includes:

Scratch Pad Content: Your personal notes and ideas are encrypted at rest
Todo Items: Task titles and descriptions are encrypted for privacy
Saved Links: Link titles, URLs, and descriptions are encrypted before storage
Personal Dashboard Data: All user-generated content in dashboard features is protected

Encryption Technical Details:

Encryption Method: AES-256-CBC with HMAC-SHA256 authentication
Key Management: Encryption keys are stored separately from encrypted data using Laravel's secure key management
Data Protection: Even if someone gained unauthorized database access, your personal information would be unreadable without encryption keys
Transparent Operation: Encryption and decryption happen automatically - you don't need to do anything special

Your Responsibility for Sensitive Data: While we encrypt your data for protection, we strongly recommend you do not enter the following types of sensitive information anywhere on our platform:

Financial Information: Credit card numbers, bank account numbers, routing numbers
Government IDs: Social Security Numbers, passport numbers, driver's license numbers
Security Credentials: Passwords, PINs, security questions/answers, API keys
Medical Information: Health records, medical IDs, protected health information
Other Confidential Data: Any information that could be used for identity theft or unauthorized access

Automated Protection: Our system includes validation to detect and prevent entry of potentially sensitive information patterns (such as credit card numbers or Social Security Numbers). You will receive warnings if our system detects such patterns.

5.3 Data Retention

Account Data: Retained while your account is active
AI Conversations: Stored encrypted for service functionality (you can delete chat sessions)
Generated Stories: Stored temporarily unless saved by you
Logs: Technical logs retained for up to 90 days for security and performance monitoring

6. Your Rights Under UK GDPR

As a UK resident, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Portability: Receive your data in a portable format
Restriction: Limit how we process your data
Object: Object to processing based on legitimate interests
Withdraw Consent: Where processing is based on consent
How to Exercise Your Rights:

Use the automated tools in your dashboard for data export/deletion
Contact our dedicated privacy inbox via our dedicated contact form
Response Time: We respond to all privacy requests within 30 days

7. Lawful Basis for Processing

We process your personal data based on:

Contract Performance: To provide the services you've signed up for
Legitimate Interests: To maintain security and improve our services (where this doesn't override your rights)
Consent: Where explicitly given for optional features
Legal Obligation: To comply with legal requirements (e.g., data retention for security)

8. International Data Transfers

Self-Hosted UK Infrastructure: Your data is processed and stored on our privately owned servers located within the UK. We do not transfer personal data outside the UK/EU.

No Third-Party Hosting: Since we self-host our infrastructure, there are no external hosting providers involved in your data processing.

9. Automated Decision Making and Profiling

No Automated Decisions: We do not use automated decision-making or profiling that would significantly affect you.

AI Interactions: While our AI systems generate responses, these do not constitute automated decision-making under GDPR as they are interactive tools rather than systems that make decisions about you.

10. Cookies and Tracking

10.1 Essential Cookies Only

We only use cookies that are strictly necessary for our website to function:

Session Cookies: Keep you logged in
Security Cookies: Protect against cross-site request forgery
Preference Cookies: Remember your AI instance settings (admin users only)

10.2 No Third-Party Tracking

We do not use:

Google Analytics or similar tracking tools
Social media tracking pixels
Advertising cookies
Third-party analytics services

11. Data Sharing and Third-Party Disclosure

11.1 No Data Sales or Marketing Sharing

We do not sell, rent, or trade your personal information to any third parties for any reason.

11.2 Limited Sharing Circumstances

We only share personal data in these specific situations:

Legal Compliance: When required by law, court order, or regulatory authority
Security Protection: To protect our rights, property, or safety, or that of our users

11.3 AI Processing Disclosure

Local Processing Only: All AI conversations are processed using local AI models (Ollama) on our own servers
No External AI Providers: We do not send your data to OpenAI, Google, Anthropic, or any external AI companies
Complete Data Control: All AI processing occurs entirely within our controlled infrastructure

11.4 Hosting and Infrastructure

Self-Hosted Infrastructure: Our website and AI systems are hosted on privately owned, rack-mounted servers that we directly control. This means:

No third-party hosting providers have access to your data
Complete physical and digital control over all data storage
No external cloud services involved in data processing
All AI processing occurs on our own dedicated hardware using local Ollama systems

11.5 Our Privacy Commitment and Data Harvesting Stance

Complete Rejection of Data Harvesting: Glorktelligence maintains a strict policy of never working with data harvesting companies or services. This includes:

No Google Services: We completely refuse to integrate Google Analytics, Google Ads, Google Fonts (we use Bunny Fonts), or any other Google tracking services
No Social Media Tracking: We do not use Facebook Pixel, Twitter tracking, or similar social media analytics
No Advertising Networks: We will never integrate advertising platforms that collect user data
No Third-Party Analytics: We refuse all external analytics services that track user behaviour

Future Commitment: We pledge to maintain this stance permanently. We will never introduce data harvesting technologies, regardless of potential revenue or analytical benefits.

Why We Do This: We believe in your fundamental right to browse the internet without being tracked, profiled, or having your data sold to advertisers.

11.6 No Social Media Integration

Complete Social Media Absence: Glorktelligence maintains no presence on any social media platforms including Facebook, Twitter/X, Instagram, Snapchat, TikTok, LinkedIn, or any other social networks.

What This Means for Your Privacy:

No social media tracking pixels or widgets on our website
No data sharing with social media companies
No social login options that could leak your information
No cross-platform data correlation or profiling
Complete elimination of social media-related privacy risks
Our Position: We believe social media platforms fundamentally compromise user privacy through extensive data collection and behavioural tracking. By maintaining no social media presence, we eliminate these privacy risks entirely.

11.7 No Analytics or Tracking Services

As reinforced above, we explicitly do not use any external analytics or tracking services.

12. Children's Privacy

Age Restriction: Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13.

Account Termination: Any accounts found to be used or created by any person or persons under the age of 13 will be immediately terminated and deleted without possibility of recovery.

13. Data Breach Procedures

In the event of a data breach:

We will notify the ICO within 72 hours if required by law
Affected users will be notified within 72 hours if the breach poses a high risk
We maintain incident response procedures to minimize impact

14. Contact Information and Privacy Inquiries

Primary Privacy Contact: Use our dedicated contact area selecting Privacy

General Support Contact: Use our dedicated contact area selecting General Support

Website: www.glorktelligence.co.uk

Dedicated Privacy Mailbox: For GDPR compliance verification - privacy (at) glorktelligence (dot) co (dot) uk

Response Times:

Privacy requests: Within 30 days
General inquiries: Within 5 business days

15. Complaints and Regulatory Authority

If you believe we have not handled your personal data in accordance with this policy, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO Contact:

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of significant changes by:

Posting the updated policy on our website
Updating the "Last Updated" date
For material changes, providing direct notice to registered users

17. Acknowledgment and Consent

To use Glorktelligence services, we require your explicit consent to this Privacy Policy. By clicking "I Accept" below, you are providing that consent and confirming that you agree to how we collect, use, and protect your personal information as outlined in this policy. Your acceptance constitutes a legally binding agreement.

About Glorktelligence: Glorktelligence is a privacy-first technology platform offering AI-powered services without the tracking, data harvesting, or privacy compromises found elsewhere. We believe in providing useful digital experiences while respecting your fundamental right to privacy.

Last Updated: 15/09/2025

Compare This Version