Privacy Policy

    Last updated: 30 May 2026

    This policy explains what data Cardiologia Croatica collects when you use the journal website and the AI chat assistant, how long we keep it, and how to exercise your rights under the GDPR.

    What we collect

    When you interact with the AI chat assistant, we store the prompts you send and the assistant's replies in our database. This applies whether you are signed in or browsing as a guest. We also retain technical metadata: a session identifier, the time of the request, the model used, token counts, and the IP address used for rate-limit accounting. We do not collect any other category of personal data beyond what NextAuth requires for sign-in (email address, name, and profile photo if you authenticate with Google).

    How long we keep it

    Chat transcripts are retained indefinitely so signed-in users can revisit prior conversations and so the operator can debug, moderate, and improve the service. Anonymous transcripts (those created while logged out) are stored without a user identifier and, if the same browser later signs in, are linked to that account. You can request deletion at any time (see Your rights below).

    Who has access

    Chat data is accessible to the journal's administrators for the purposes above. Prompts and responses are also processed by Google's Gemini API, which is the language-model provider that generates the assistant's replies. Google's data-handling terms for the Gemini API apply to that processing. We do not sell or share chat data with any other third party.

    Your rights

    Under the GDPR you may request access to, correction of, or deletion of any personal data we hold about you, and you may object to or restrict processing. To exercise these rights, email dom@matchmindz.com. We respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).

    Cookies & analytics

    We measure how the site is used so we can improve it. Measurement is split into two clearly disclosed layers.

    Always on (no cookies, no consent required)

    We use Vercel Web Analytics and Speed Insights to count pageviews, country, device class, browser, and Core Web Vitals (loading speed, responsiveness, layout stability). This data is collected without cookies, is not joined to any user identifier, and is processed under our legitimate interest in operating and improving the site.

    After your consent (cookies)

    If you accept cookies, we also use Google Analytics 4 to understand acquisition channels (organic search, direct, referral, social), page interactions, and conversion-type events (chat opened, article read to the end, clinical case completed). Your IP address is anonymized before processing. We have explicitly disabled Google Signals, demographic and interest reporting, and ad-personalization signals.

    What we never send to analytics

    The content of your chat conversations is never sent to Google Analytics. We send event names (e.g. 'chat_opened') but never the prompts themselves or any inference about your health from the medical topics you read about.

    Withdraw or change your consent

    You can withdraw or change your consent at any time. Doing so will stop Google Analytics from loading on subsequent page loads; it does not delete data already collected with your prior consent. To request deletion, email dom@matchmindz.com.

    You have not made a choice yet.