Privacy
Privacy and data protection policy.
This page describes what data is collected when you use otman.ai, why it is collected, how long it is kept, and how to reach the data controller. The policy applies under EU and Dutch law (GDPR and the UAVG).
Last updated: 2026-05-04
Who is responsible for your data.
The data controller for otman.ai is Otman Nouinou, based in the Netherlands. For privacy questions or data subject requests, write to [email protected].
Data otman.ai actually collects.
otman.ai is a static website. It does not run any server-side code at request time and does not write cookies for tracking, profiling, or advertising. Visiting the site does not require an account.
Data is only created in the following situations:
- Server access logs. The hosting infrastructure keeps standard web server access logs (IP address, user agent, requested path, response status, timestamp) for security and operational purposes. These logs are not used for profiling and are rotated and deleted on a rolling basis (typically within 30 days).
- Email inquiries. When you write to the contact email address, the message and any attached information are processed for the purpose of responding to your inquiry. Messages are kept as long as needed to handle the conversation, and afterwards for normal correspondence record keeping.
- Calendly bookings. If you book a call through the Calendly link, your name, email, and any details you fill in are processed by Calendly under their own privacy policy. otman.ai receives the resulting calendar event.
- Embedded YouTube videos. The site embeds videos using the privacy-enhanced youtube-nocookie domain, which does not set tracking cookies until the video is played.
otman.ai does not run analytics or advertising scripts at this time. If that changes, this page will be updated and consent mechanisms will be added where required.
Why processing is allowed.
Server logs are processed on the basis of legitimate interest in operating and securing the website. Email and Calendly inquiries are processed on the basis of taking steps at your request, prior to entering into a contract or engagement.
Who else sees your data.
Personal data is not sold or shared with third parties for marketing purposes. Service providers used to operate the site (hosting, email, scheduling) act as processors under appropriate agreements. Data may be disclosed where required by law.
What you can ask.
Under GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. You can also withdraw consent where processing is based on consent. To exercise any of these rights, email [email protected]. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Updates to this policy.
This policy is reviewed periodically and updated when the site changes in a way that affects how data is handled. The last updated date at the top of this page reflects the most recent revision.