Skip to main content
Open Eye Media

Mission-Tech Alignment Audit

Privacy notice

The short version: we collect as little as possible, keep nothing longer than necessary, and share nothing with third parties for commercial purposes.

Who we are

This tool is operated by Open Eye Media, a trade name of Chris King, auto-entrepreneur registered in France (SIRET: 891 686 206 00014). For data protection purposes, Open Eye Media is the controller responsible for the personal data described in this notice. You can contact us via openeyemedia.net/contact or [email protected].

What we collect

When you complete an audit, we store your responses — your priority ranking and tool selections — along with the computed results. This record is:

  • Anonymous. We do not ask for your name, email address, or any other identifying information. No account is required.
  • Temporary. Assessment records are automatically deleted after 30 days.
  • Not linked to you. We do not fingerprint your device or use any persistent cross-session identifier. Your IP address is read briefly to enforce per-IP rate limits and is never written to disk or associated with your assessment.

Because the assessment record contains no information that identifies you, it does not constitute personal data under EU GDPR. This notice is provided in the interest of transparency regardless.

Cookies

We set one first-party cookie. It is HttpOnly, SameSite=Lax, scoped to this site, and expires after one hour. No advertising cookies, no third-party tracking cookies, and no cross-site identifiers are ever set.

  • mtaa_assessment_session — a signed copy of your priorities and tool selections, set when you submit the audit. It enables the “Try with different priorities” button to restore your selections without re-asking. It expires after one hour and is verified with a server-side secret to prevent tampering. This cookie is strictly necessary for the core functionality of the audit and does not require consent.

Analytics

We collect anonymous aggregate event counts (such as “an assessment was started” or “an alternative was clicked”) to understand how the tool is used and where it can be improved.

We do not use a tracking cookie for analytics. Instead, we derive a short-lived anonymous identifier server-side by hashing your IP address, browser user-agent, and the current UTC date together with a secret key. The same visitor on the same day produces the same hash — allowing us to count distinct daily visitors — but the hash changes every day and cannot be used to track you across sessions. The hash is never stored on your device and is never transmitted to third parties in a form that could identify you.

Events are sent to Tinybird, a hosted analytics service. Events carry only the anonymous daily hash and event metadata — they never carry your IP address, your assessment contents, or any other identifying information. Tinybird acts as a data processor on our behalf under a Data Processing Agreement (incorporated into their Terms of Service, Article 28 EU GDPR). Tinybird processes this data on infrastructure located in the United Kingdom. The transfer is made on the basis of the European Commission’s adequacy decision in respect of the United Kingdom (Article 45 EU GDPR).

The lawful basis for this processing is legitimate interests (Article 6(1)(f) EU GDPR). Our interest is in understanding how the tool performs so we can improve it. We have assessed that this interest is not overridden by your privacy interests, given that: no cookie is set; the identifier cannot be used to track you across days; your IP address is never stored or transmitted to Tinybird; and the data we collect is genuinely aggregate.

You have the right to object to processing based on legitimate interests. To exercise this right, contact us at [email protected]. We will respond within 30 days.

Other third parties

Aside from the analytics service named above, we do not sell, share, or transmit your data to third parties. The tool itself is self-hosted on infrastructure we control (Hetzner Online GmbH, Germany).

Your rights

Under EU GDPR you have the right to access, correct, or erase personal data we hold about you; to object to or restrict processing; and to data portability where applicable.

Because assessments are anonymous and contain no personal data, there is in practice nothing we can retrieve or erase on your behalf. For analytics data, the daily hash derived from your IP cannot be reversed to identify you, so individual records cannot be isolated or deleted.

If you have a question or concern, contact us at [email protected]. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés), the French data protection authority, or the supervisory authority in the EU member state where you are located.

Changes to this notice

If we make changes that affect how personal data is handled, we will update this page. The date at the bottom reflects when it was last revised.