GDPR Compliant

Privacy Policy

Last updated: May 29, 2026. Your privacy and intellectual property are core architectural pillars of Pouta.

1. Overview & Data Controller

This Privacy Policy describes how Pouta collects, processes, and protects your information. Pouta operates as a dual model: an open-source self-hosted code structure and a managed multi-tenant SaaS service.

For the managed SaaS version, the Data Controller is Osuuskunta Vinde, operating within the European Union under strict General Data Protection Regulation (GDPR) standards.

GDPR Architecture

2. Data Storage at the Serverless Edge

Pouta is built from the ground up to execute entirely on Cloudflare's serverless edge infrastructure. This means your text content, media assets, and session keys are cached and processed closer to you, reducing centralized database exposure:

Text Content (Cloudflare D1) All written posts, configurations, and administrative multi-tenant tables are stored in Cloudflare D1. D1 is an edge SQL database that replicates and serves transactions inside V8 sandbox isolates globally, ensuring minimal latency and localized data distribution.
Image Assets (Cloudflare R2) All uploaded blog covers, editorial assets, and media files are stored securely in Cloudflare R2 object storage. R2 storage is S3-compatible, runs on Cloudflare's edge network, and protects assets behind custom authenticated access gates.

Self-Hosted Exception: If you use our self-hosted open-source software, all data is stored inside your own personal Cloudflare account. Pouta Dev collects absolutely zero tracking, metrics, or telemetry from self-hosted nodes.

AI Compliance

3. AI Coprocessor & Large Language Model Policy

Pouta SaaS Pro incorporates advanced, AI-assisted content optimization tools directly into the block-editor interface. These features operate ephemerally using Cloudflare's serverless AI engine:

  • ✍️
    AI Copyediting & Translating (Llama 3 8B) When you highlight text and trigger copyediting or language translation, your block text is sent dynamically to a hosted instance of the Llama 3 8B model running inside Cloudflare's GPU network nodes.
  • 👁️
    Accessibility Alt-Text Generation (Llama 3.2 Vision) When you upload or select an image and click "Generate Alt-Text", the image is processed by the Llama 3.2 Vision multimodal engine at the edge to describe the visual scene and output accessibility tags.
🔒 Strict Ephemeral Processing & Zero-Training Guarantee: We care deeply about your intellectual property and data sovereignty. Under our AI agreement:
  • All prompt text and image assets sent to the Llama models are processed ephemerally.
  • No prompt, document context, or generated response is stored permanently inside the AI inference infrastructure.
  • Your uploaded files and textual content are never used to train, tune, or improve public Llama models or Cloudflare’s algorithms.

4. Your GDPR Rights & Portability

Under the GDPR, you have the following rights regarding your personal data processed on our managed SaaS platforms:

  • Right of Access: Request a complete copy of all your active multi-tenant table data.
  • Right to Rectification: Edit your account, email, and subscription configurations at any time.
  • Right to Erasure ("Right to be Forgotten"): Delete your SaaS account. Deleting your account instantly purges all database tables in Cloudflare D1 and all media files in Cloudflare R2.
  • Right to Data Portability: Export your Markdown content, images, and schema configs self-serve in a standard JSON format.

To exercise any of these rights, please submit a request to our data protection contact at moha@mohanjith.net. We will respond to all requests within 30 days.

5. Cookies & Tracking Technologies

Pouta uses session tokens and essential functional cookies only. We do not place marketing tracking pixels, cross-site advertiser beacons, or third-party cookies inside the CMS dashboard or the marketing website.

For basic page views and platform diagnostics, we collect anonymous web logs (IP addresses, user agents) at the Cloudflare layer to secure our Workers infrastructure against automated DDoS botnets.