Data Policy — AI 2035 Strategic Brief Generator

Last updated: April, 13, 2026
Controller: Sofus Midtgaard · Droningensgade 12a 1. tv.
Contact: sofusmidtgaard@gmail.com · +45 30 220 111

————————————-


Data Policy — AI 2035 Strategic Brief Generator Last updated: April 2026 Controller: Sofus Midtgaard · Droningensgade 12a 1. tv., Copenhagen Contact: sofusmidtgaard@gmail.com · +45 30 220 111

What this tool does

The AI 2035 Strategic Brief Generator is a paid advisory tool. It takes the information you provide about your organisation and generates a tailored strategic brief using AI. This policy explains what data is collected, how it is used, and your rights under GDPR.

Important notice before you begin

Do not enter information that is price-sensitive, market-sensitive, or subject to stock exchange disclosure requirements.

If you work for a listed company or a company with listed debt, some of the information this tool asks about — competitive pressures, strategic direction, financial condition, or undisclosed business developments — may constitute material non-public information (MNPI). Entering such information into an AI system may conflict with your obligations under market abuse regulations (EU MAR) or equivalent rules in your jurisdiction.

If in doubt, use only publicly available information or consult your compliance function before proceeding.

Do not enter personal data about third parties — clients, employees, partners, or individuals — beyond what is necessary to describe your organisation's general situation.

What data we collect

Information you provide directly:

• Organisation name and type

• Your name and title (optional)

• Contextual information about your organisation — sector, competitive landscape, strategic situation

• Answers to up to five diagnostic questions

• Any free-text question or dilemma you choose to share

• Your email address (required for brief delivery and follow-up)

Technical data collected automatically:

• Standard web server logs (IP address, browser type, timestamp)

• Session data stored temporarily in Cloudflare KV to preserve your progress and enable brief delivery

How your data is processed — and by whom

This tool uses the Anthropic API — not Claude.ai

The brief is generated using the Anthropic API — the developer interface to Claude. This is different from Claude.ai, which is Anthropic's consumer product.

The distinction matters:

Anthropic API (what we use)Claude.ai (consumer product)Is content used to train AI models?No — Anthropic's API Terms of Service explicitly prohibit training on API inputs and outputs without opt-in consentDifferent terms applyWho controls the data?The operator (Sofus Midtgaard) is responsible for what is submittedAnthropic's consumer terms applyIs content stored by Anthropic?Anthropic may retain inputs/outputs for up to 30 days for trust and safety purposes, then deletes themDifferent retention applies

In plain terms: what you type into this tool is sent to Anthropic's API to generate your brief. Anthropic does not use it to train Claude or any other AI model. It may be retained briefly for safety monitoring, then deleted.

For full details, see Anthropic's Privacy Policy and Anthropic's Usage Policies.

How we use your data

PurposeLegal basisGenerating your strategic brief via the Anthropic APIContractual necessity (GDPR Art. 6(1)(b))Storing your brief for re-access via your email linkContractual necessity (GDPR Art. 6(1)(b))Processing payment via StripeContractual necessity (GDPR Art. 6(1)(b))Confirming payment and delivering the Executive BriefContractual necessity (GDPR Art. 6(1)(b))Sending follow-up emails about your briefLegitimate interest (GDPR Art. 6(1)(f))Maintaining server logs for security and troubleshootingLegitimate interest (GDPR Art. 6(1)(f))

We do not use your data for advertising, profiling, or sale to third parties.

Who we share your data with

Anthropic (Claude API) — The content you enter is sent to Anthropic's API to generate the analysis. Anthropic acts as a data processor on our behalf. They do not train on your data. Anthropic may be based outside the EU — transfers are covered by Standard Contractual Clauses. See Anthropic's privacy policy.

Stripe — Your email address and payment information are processed by Stripe, Inc. We receive confirmation of payment only — we never see or store your card details. See Stripe's privacy policy.

Cloudflare — API requests are routed through Cloudflare Workers. Session data and generated briefs are stored in Cloudflare KV and R2 infrastructure. See Cloudflare's privacy policy.

Mailchimp (Intuit Inc.) — Your email address, name, organisation name, and title are stored in Mailchimp to manage follow-up email delivery. You can unsubscribe at any time via the link in any email. Mailchimp may process data outside the EU — transfers are covered by Standard Contractual Clauses. See Mailchimp's privacy policy.

Resend — Used to send transactional emails (your brief link and follow-up messages). Processes your email address for delivery purposes only. See Resend's privacy policy.

We do not sell, rent, or share your data with any other parties.

How long we keep your data

DataRetentionEmail address, name, organisation name, titleStored in Mailchimp for follow-up email sequence. Removed on unsubscribe or deletion request.Organisation name, diagnostic answers, session dataStored in Cloudflare KV for 48 hours (free brief users) or 90 days (paid users), then deleted automatically.Generated brief (free and paid)Stored in Cloudflare R2 to allow re-access via the link in your email. Deleted on request.Anthropic API logsUp to 30 days per Anthropic's safety policy, then deleted by Anthropic.Payment recordsRetained by Stripe per their legal obligations.Server logsUp to 30 days for security purposes.

Your rights under GDPR

You have the right to:

• Access — request a copy of personal data we hold about you

• Rectification — request correction of inaccurate data

• Erasure — request deletion of your data (including your brief and Mailchimp record)

• Restriction — request that we limit processing

• Portability — receive your data in a structured, machine-readable format

• Object — object to processing based on legitimate interest, including follow-up emails

To exercise any of these rights, contact sofusmidtgaard@gmail.com. We will respond within 30 days.

If you believe your data has been processed unlawfully, you may lodge a complaint with the Danish Data Protection Authority: Datatilsynet · datatilsynet.dk · +45 33 19 32 00

Cookies and tracking

This tool does not use advertising networks, analytics platforms, or social media pixels. Cloudflare may set technical cookies as part of infrastructure operation. Follow-up emails sent via Mailchimp and Resend may include standard email tracking pixels that record whether an email was opened or a link was clicked. You can disable image loading in your email client to prevent this.

Changes to this policy

If we make material changes, we will update this page and revise the date above. Continued use after changes are posted constitutes acceptance.

Contact

Sofus Midtgaard · sofusmidtgaard@gmail.com · +45 30 220 111 · sofusmidtgaard.dk

The key changes from your current version: retention table now accurately reflects KV, R2, and Mailchimp storage; Mailchimp and Resend added as processors; email tracking pixels disclosed; follow-up emails added as a processing purpose with legitimate interest basis; erasure right now explicitly mentions the brief and Mailchimp record.