Skip to main content

Privacy Policy

Last updated: July 14, 2026

This page is loading its table of contents.

Introduction

Your privacy is important to me. This policy explains how I collect, use, and safeguard your data when you visit zalt.me or engage my services. My goal is to be transparent, collecting only what is necessary to run this website and respond to you.

I am Mahmoud Zalt, the owner and data controller for this site. I operate as a sole proprietor registered in The Netherlands.

Privacy Summary

  • Processed locally in your browser: In-browser AI and text utilities process your input on your device.
  • Never sent to servers: Tool input is not transmitted to my servers.
  • No prompts stored: I do not store or log text entered into these tools.
  • No training: I do not use tool input to train models.
  • Client services: Confidential by default; not reused without permission.

In-Browser AI Tools & User-Provided Content

This website includes tools and utilities (not limited to any specific list) such as AI chat, counters, humanizers, token/text tools, and other AI-related text utilities.

  • Local processing: Text you enter into these tools is processed entirely in your browser.
  • No server access: I do not receive, store, cache, inspect, or log this tool input or output on my servers.
  • No third-party access: This tool input is not shared with third parties by me.
  • Works offline: once a tool has loaded (and downloaded any model it needs), it keeps working with your Wi-Fi switched off, nothing depends on a connection to my servers.
  • Zero transmission risk: even if a tool asks for an email or other personal detail, what you enter stays on your device, so there is nothing to transmit, intercept, or leak.

Your device, your responsibility: because processing is local, the one remaining risk is the security of your own device (for example, a shared or compromised computer). Use good judgment with highly sensitive or regulated data such as passwords, private keys, medical records, or financial credentials.

Client Services & Professional Confidentiality

This section applies only to paid professional services and consulting engagements.

Confidential by default: All service-related information is treated as confidential, including (where applicable) conversations (calls, messages, emails), business context and strategy, source code and repositories, architecture diagrams, configurations, credentials, logs, metrics, and any materials you share before, during, or after an engagement.

Purpose & legal basis: I process service-related data only to deliver the agreed scope, communicate with you, and provide support. This is based on performing a contract (or steps leading to a contract) and my legitimate interest in delivering and maintaining the engagement.

  • Use limitations: Service data is used strictly for delivery and support, not for training AI models, and not to improve unrelated products or tools.
  • No reuse without permission: I do not reuse client materials for marketing, public demos, talks, or case studies without explicit written permission.
  • Access & sharing: Access is limited to me. I do not disclose client information to third parties unless required to deliver the service, comply with law, or you instruct/authorize me to do so.
  • Security measures: I use reasonable administrative and technical safeguards (such as access control and least privilege). No method of transmission or storage is 100% secure.
  • Retention & precedence: Service data is retained only as long as necessary for delivery, support, record-keeping, and legal/tax obligations. If an NDA/MSA/DPA or written contract applies, it overrides this policy for that engagement.
  • Client preferences: If you require specific handling (for example, client-provided storage, retention limits, or communication constraints), you can request it and I will follow where feasible.

AI-Generated Blog Content

Some blog posts on this site are drafted with the help of AI tools and then reviewed and edited by me. Content is provided for informational purposes and may contain errors; it should not be treated as professional advice.

I do not use text entered by visitors into on-site tools to generate blog posts, and I do not use it to train models.

What Information I Collect

When you use this website or contact me, I may collect the following:

  • Contact Information: Your name, email address, and message content when you send me an email or use my contact form. This is used solely to respond to your inquiry. You can find my contact information in my contact card (vCard).
  • Meeting Information: Your name and email when you book a meeting, which are used to send you the calendar invitation.
  • Website Analytics: This site uses Google Analytics and PostHog to understand how the site is used. This includes the pages you visit, your general geographic location, device and browser type, and how you interact with the site (clicks, scrolling, navigation, and how long you stay). PostHog may also record anonymized session replays and heatmaps of page interactions to help me find usability issues and technical errors. Text you type and content inside the in-browser tools are masked and never captured.
  • Server Logs: My hosting (AWS) and security/CDN (Cloudflare) providers automatically collect standard server logs. This typically includes your IP address, browser type, and the pages you requested. This is essential for security, performance, and troubleshooting.

I do not collect, receive, or process the text you enter or the files you upload into in-browser AI tools, counters, or utilities in the Tools section. These run entirely in your browser. I do record anonymous usage metadata (for example, that a tool was used, that text was pasted and how many characters, or that a file was uploaded and its type and size) so I can see which tools are useful, but never the text or file contents themselves.

How I Use & Share Your Information

I use the data collected to provide my services, communicate with you, and improve this site's performance and content.

I will never sell your personal data.

I only share data with these essential service providers (sub-processors) to operate this website:

  • Google: For website analytics (Google Analytics) and for processing emails and calendar appointments (Google Workspace).
  • PostHog: For website analytics, including page views, interaction and navigation events, and anonymized session replays and heatmaps, to understand how the site is used and improve it. Tool input text and uploaded files are never captured, only anonymous usage metadata.
  • Cloudflare: To provide the Content Delivery Network (CDN), security (WAF), and performance optimization.
  • Amazon Web Services (AWS): For hosting the website files (S3) and serving them (CloudFront).

International transfers: Some of these providers are based in the United States. Where personal data is transferred outside the European Economic Area, it is safeguarded by Standard Contractual Clauses (SCCs) or an equivalent approved transfer mechanism.

Cookies & Local Storage

This website uses localStorage and cookies for the following specific purposes:

  • Local Storage (Essential): Your light/dark mode preference is stored only on your device in localStorage. It is never sent to me or any third party.
  • Tool Inputs (On-Device): Text entered into in-browser AI tools and utilities may exist temporarily in your browser (for example, in memory while a tool is open). It is not persisted server-side by me. It is typically cleared when you refresh or close the page, although your browser may retain form state on your device (for example, during session restore).
  • Cookies (Analytics & Security): Google Analytics, PostHog, and Cloudflare use cookies to help distinguish visitors (for analytics) and to identify trusted web traffic (for security).

You can block, manage, or delete these cookies at any time through your browser's settings.

Your Rights (GDPR)

As I am based in the EU, you are protected by the GDPR and have the right to:

  • Access: Request a copy of the personal data I hold about you.
  • Rectification: Request correction of any inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (such as our email correspondence).
  • Restriction: Request that I limit how your data is processed.
  • Portability: Request your data in a portable, machine-readable format.
  • Objection: Object to processing based on my legitimate interests.

To exercise any of these rights, please contact me at [email protected]. You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens.

Policy Updates

I may update this policy from time to time. The "Last updated" date at the top of this page will always reflect the latest version.

Related Policies & Resources

For information about reporting security vulnerabilities, please see my Security Policy.

For complete API documentation and available endpoints, visit the API Documentation.