Effective Date: November 24, 2025
Applicable To: springdevpro.com (a professional Spring AI technical blog, hereinafter referred to as “the Site”)
Data Controller: springdevpro.com (Contact: [email protected])
1. Introduction#
This Privacy Policy explains how we collect, use, store, and disclose your personal data when you access or use the Site. We are committed to complying with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), Privacy and Electronic Communications Regulations (PECR), and the EU-U.S. Data Privacy Framework (DPF) .
By using the Site (including browsing content, submitting comments, subscribing to updates, or interacting with Google AdSense ads), you acknowledge understanding of this Policy and consent to our data processing practices as described.
2. What Personal Data We Collect#
We only collect personal data necessary to fulfill the stated purposes. The types of data collected include:
2.1 Voluntarily Provided Data#
Contact & Profile Data: Name, email address, and any other information you provide via the Site’s contact form, comment section, or subscription signup (e.g., for Spring AI newsletter updates).
User-Generated Content: Comments, questions, or technical feedback submitted to Spring AI tutorials, articles, or discussion forums.
Subscription Preferences: Your choice to opt-in/out of email updates, and content interests (e.g., “Spring AI Core,” “Vector Databases,” “LLM Integration”).
2.2 Automatically Collected Data#
Browsing & Device Data: IP address, browser type, operating system, device identifiers, referral URL, page views, and session duration (collected via Google Analytics and Cloudflare).
Cookie & Tracking Data: As detailed in our Cookie Policy, including analytics cookies, advertising cookies (Google AdSense), and functional cookies.
Interaction Data: Engagement with Spring AI content (e.g., tutorial downloads, code snippet copies, ad clicks) and site feature usage (e.g., code preview tool settings).
2.3 Sensitive Personal Data#
We do not intentionally collect sensitive personal data (e.g., biometrics, health information, financial data) unless you voluntarily provide it (e.g., in a comment). Such data will be treated with enhanced security measures and only used for the stated purpose.
3. How We Use Your Personal Data#
We use your personal data for the following legitimate purposes, aligned with GDPR legal bases :
| Purpose | Legal Basis (GDPR) | Details |
|---|---|---|
| Provide & maintain the Site | Legitimate Interest | Ensure core functionality (e.g., code previews, comment moderation) and resolve technical issues. |
| Optimize Spring AI content | Legitimate Interest | Analyze browsing patterns to improve tutorials, prioritize high-demand topics (e.g., Spring AI + LangChain), and enhance user experience. |
| Deliver personalized ads | Consent | Serve relevant Google AdSense ads based on browsing behavior (only if you consent to advertising cookies). |
| Respond to inquiries | Contractual Necessity | Address questions submitted via contact form or comments (e.g., Spring AI implementation support). |
| Send subscription updates | Consent | Deliver newsletters, tutorial alerts, or Spring AI news to opted-in subscribers. |
| Ensure site security | Legitimate Interest | Detect and prevent fraud, DDoS attacks (via Cloudflare), and unauthorized access. |
We will not use your data for purposes unrelated to the above without first obtaining your explicit consent.
4. Data Sharing & Disclosure#
We only share your personal data with trusted third parties as necessary to fulfill the stated purposes:
4.1 Third-Party Service Providers#
Google AdSense: Shares browsing and interaction data to serve personalized ads. Google’s data processing is governed by its Privacy Policy policies.google.com/privacy and compliance with the DPF .
Google Analytics: Shares anonymous browsing data to measure content performance. Data is anonymized via IP masking and not linked to personal identifiers.
Cloudflare: Shares IP addresses and device data to secure the Site and optimize CDN performance (Privacy Policy: cloudflare.com/privacy-policy).
Email Service Provider (e.g., Mailchimp): Shares subscriber email addresses to deliver newsletters (only if you opt-in).
4.2 Legal Disclosures#
We may disclose your data if required by law, court order, or regulatory request (e.g., to comply with GDPR or CCPA obligations) or to protect our legal rights, property, or the safety of users.
4.3 No Data Selling#
We do not sell, rent, or trade your personal data to third parties for monetary gain . Under CCPA/CPRA, this includes not disclosing data for “valuable consideration” without your explicit opt-out.
5. Data Retention#
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy:
Voluntarily Provided Data: Comments and contact form submissions are retained for 2 years (or until you request deletion). Subscription data is retained until you opt-out.
Automatically Collected Data: Browsing and cookie data is retained for 2 years (Google Analytics) or as specified in our Cookie Policy.
Sensitive Data: Immediately deleted after fulfilling the stated purpose (e.g., resolving a technical inquiry).
Data is deleted securely (via anonymization or permanent erasure) once retention periods expire.
6. Your Privacy Rights#
6.1 GDPR Rights (EU/EEA Residents)#
You have the following rights under GDPR :
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data ( “right to be forgotten”), subject to legal exceptions.
Restriction: Request restriction of data processing (e.g., if data accuracy is contested).
Portability: Request your data in a structured, machine-readable format (e.g., CSV) for transfer to another controller.
Withdrawal: Withdraw consent for non-essential processing (e.g., advertising, newsletters) at any time.
Complaint: Lodge a complaint with a supervisory authority (e.g., ICO in the UK, CNIL in France).
6.2 CCPA/CPRA Rights (California Residents)#
You have the following rights under CCPA/CPRA :
Access: Request disclosure of the categories/ specific pieces of personal data collected.
Deletion: Request deletion of your personal data (subject to exceptions).
Opt-Out of Sale: Although we do not sell data, you may opt-out of any future “sales” (as defined by CCPA) via our Cookie Settings or contact form.
Non-Discrimination: We will not discriminate against you for exercising CCPA rights (e.g., denying access to content).
6.3 How to Exercise Your Rights#
To exercise any rights, submit a request via:
Email: [email protected]
Contact Form: springdevpro.com/contact
We may request verification of your identity (e.g., confirming your email address) to process requests. We aim to respond within 30 business days .
7. Data Security#
We implement appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, or loss:
SSL/TLS encryption for data transmission (HTTPS).
Encrypted storage of personal data (e.g., subscriber emails).
Access controls limiting data access to authorized personnel only.
Regular security audits and updates to Cloudflare, Google Analytics, and other third-party tools.
Data protection impact assessments (DPIAs) for high-risk processing (e.g., ad tracking) .
While we strive to protect your data, no security measure is foolproof. We are not liable for unauthorized access due to circumstances beyond our control.
8. Cross-Border Data Transfers#
Your personal data may be transferred to and processed in countries outside the EU/EEA (e.g., the United States) via our third-party providers (Google, Cloudflare). We ensure compliance with GDPR 跨境数据传输 requirements by:
Using third-party providers that participate in the EU-U.S. Data Privacy Framework (DPF), which ensures adequate data protection .
Implementing standard contractual clauses (SCCs) for providers not covered by the DPF.
Ensuring U.S. intelligence agencies access to EU data is limited to “necessary and appropriate” for national security .
9. Third-Party Links & Content#
The Site may contain links to third-party websites (e.g., Spring.io documentation, Google AI Studio) or embed third-party content (e.g., YouTube tutorials). This Privacy Policy does not apply to third-party sites—we recommend reviewing their privacy policies before providing personal data.
10. Children’s Privacy#
The Site is not intended for users under 13 years of age. We do not intentionally collect personal data from children under 13. If we become aware of such data collection, we will immediately delete it. Parents/guardians may contact us to request deletion of their child’s data.
11. Policy Updates#
We may update this Privacy Policy to reflect regulatory changes (e.g., DPF updates) or Site feature additions (e.g., new Spring AI community forums). Updated versions will be posted with a revised “Effective Date.” Major changes will be notified via:
A site banner alert.
Email (for subscribed users).
A dedicated article on the Site.
Your continued use of the Site after updates constitutes acceptance of the revised Policy.
12. Contact Us#
For questions, concerns, or to exercise your privacy rights:
Email: [email protected]
Contact Form: springdevpro.com/contact
We aim to resolve all inquiries within 30 business days. For EU residents, you may also contact your local data protection authority if you are unsatisfied with our response.