Privacy Statement

Effective: 2026-04-27 ยท Last reviewed: 2026-04-27 ยท Operator: Dan Volsky / SkyMind

1. Summary

SkyMind operates on a Zero Personal Data Architecture (ZPDA). We do not collect, store, or process personal data about visitors to our public website or end-users of the analyzed regions. All analytical content is derived from aggregated, post-GDPR open data published by official statistical agencies.

This page explains the limited categories of personal data we do handle, why, on what legal basis, and your rights under the GDPR.

2. Who is responsible

Operator (data controller): Dan Volsky, operating as SkyMind (sole researcher).
Location: Haifa, Israel.
Contact: info@sky-mind.com.

For privacy questions, data subject requests, or complaints, please write to the address above with the subject line SkyMind privacy.

3. What we do not do

4. The only personal data we collect

4.1 Demo request form

When you submit the form on the home page, we collect:

Purpose: to contact you about your demo request and answer your questions.
Legal basis: consent (Article 6(1)(a) GDPR) โ€” by submitting the form you consent to being contacted.
Storage: Supabase (EU region), table demo_requests, encrypted at rest, access restricted to the operator.
Retention: kept for up to 24 months from submission, then deleted. Earlier deletion on request.
Sharing: not shared with third parties. Used only by the operator.

4.2 GALOR dashboard authentication

The internal dashboard at sky-mind.com/galor is password-protected. After successful login we set a single HttpOnly, Secure, SameSite=Lax session cookie named galor_auth. The cookie is a HMAC-signed session token only. It does not contain personal information and is not used for analytics. Maximum lifetime: 30 days.

4.3 Email correspondence

If you write to us by email, we will hold the message and your address for as long as needed to handle your request, then delete it.

5. Public open data sources used by the model

Our datasets are built exclusively from official, aggregated, post-GDPR public data:

CountrySources
๐Ÿ‡ฉ๐Ÿ‡ช GermanyEurostat NUTS-3
๐Ÿ‡ฎ๐Ÿ‡ฑ Israeldata.gov.il, CBS (Central Bureau of Statistics)
๐Ÿ‡ฆ๐Ÿ‡ช UAEDubai Land Department open data, World Bank
๐Ÿ‡ธ๐Ÿ‡ฆ Saudi ArabiaGASTAT, KAPSARC, Royal Commission for Riyadh City open data
๐Ÿ‡ถ๐Ÿ‡ฆ Qatardata.gov.qa, Planning & Statistics Authority
๐Ÿ‡ซ๐Ÿ‡ท FranceEurostat NUTS-3, INSEE
๐ŸŒ Cross-countryWorld Bank Open Data, Bank for International Settlements

None of these sources contain microdata or individual-level information. They are statistical aggregates produced and published by the respective agencies in compliance with their own GDPR / privacy obligations.

6. Hosting and processors

ServiceRoleRegionSafeguard
Vercel, Inc.Static hosting, serverless functions, edge networkEU (fra1) + global edgeStandard Contractual Clauses (SCCs)
Supabase, Inc.Database, authentication backend, file storageEU regionStandard Contractual Clauses (SCCs)
Anthropic, PBCClaude API for the SkyMind AI assistantUSSCCs; only the user's question text is sent, no personal identifiers
HeyGen, Inc.Video rendering for marketing assetsUSSCCs; no end-user data sent

7. Your rights under the GDPR

If we hold any personal data about you (typically only because you submitted the demo form or wrote to us by email), you have the right to:

To exercise any of these rights, email info@sky-mind.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. For visitors in the EU, the relevant authority is the Data Protection Authority of your country of residence; in Germany this is your state-level Landesdatenschutzbeauftragter.

8. Security

Technical and organisational measures we apply (per Article 32 GDPR):

9. Data Protection Impact Assessment (DPIA)

A formal DPIA under Article 35 GDPR is not required because the platform does not perform automated decision-making about individuals, does not process special categories of personal data (Article 9), and operates on a Zero Personal Data Architecture. We have nonetheless documented our processing activities in a Record of Processing Activities (ROPA) available on request.

10. Children

SkyMind is not directed at children. We do not knowingly collect personal data from anyone under 16.

11. Changes to this statement

We will publish any material changes to this statement on this page with a new "Last reviewed" date. The current text always reflects our practice.

Plain-language summary: SkyMind analyses regions, not people. We do not track you on this website. The only time we ever hold personal data is if you write to us or fill out the demo form, and even then we hold the minimum needed to answer you, in an EU-region database, deletable on request. Email info@sky-mind.com with any question.