Privacy Policy

Data controller and contacts

The data controller is Gregory Sirtoli, based in 24040, Bergamo, Italy.

• Controller contact: [email protected]
• Privacy contact point: [email protected]

Place of data processing

The controller is established in Italy (EU), and the service is available globally (including Europe, North America, Canada, and other regions). Personal data may be processed in the EU and, when operationally necessary, in other countries through selected service providers.

Categories of personal data

• Browsing data: technical information generated by normal use of internet protocols (for example IP address, user agent, request metadata, and logs required for security and service reliability).
• Account and authentication data: email, name, profile image (if provided), hashed credentials (where applicable), session data, and account timestamps.
• Data provided voluntarily: information submitted in forms, feedback, support requests, and account settings.
• Preference and service data: currency choice, cookie preferences, legal acknowledgements, collections, portfolios, comparisons, alerts, and related feature settings.
• Affiliate data: click and attribution metrics, registrations, and conversion reporting linked to affiliate features.
• Cookie data: as described in the dedicated Cookie Policy.

Purposes of processing

• To provide and maintain the website and user accounts.
• To deliver requested features and user-initiated services.
• To send required service communications.
• To ensure security, prevent abuse, and handle incidents.
• To comply with legal and regulatory obligations.
• To improve services using aggregate and, where possible, anonymized analytics.

Legal basis

• Performance of a contract (account and requested services).
• Legitimate interests (security, continuity, and fraud control).
• Consent (for optional cookies and similar technologies).
• Legal obligations under applicable law.

Retention period

Data is retained only for as long as necessary for the relevant purpose, and in any case within legal retention limits and security requirements.

Whether providing data is mandatory

Except for technical browsing data needed to operate the service, providing personal data is generally optional. However, failure to provide required data may make it impossible to deliver requested services or features.

Processing methods and safeguards

Data is processed with electronic and organizational measures designed to protect confidentiality, integrity, and availability. Access is limited to authorized persons and processors acting under clear instructions.

Recipients and data sharing

• Personal data may be shared with service providers strictly required for hosting, infrastructure, authentication, email delivery, security, and support operations.
• Data may be disclosed where required by law, public authority request, or for legal defense.
• Data is not sold for monetary consideration.

International data transfers

Where data is transferred outside the EEA/UK/Switzerland, we use safeguards required by law (for example Standard Contractual Clauses or equivalent mechanisms).

Cookies

For details about cookies and similar technologies, please read the dedicated Cookie Policy.

Data subject rights

Under Articles 15 to 22 GDPR, you may exercise the following rights:

• Access and obtain a copy of your personal data.
• Rectification of inaccurate or incomplete data.
• Erasure where legally applicable.
• Restriction of processing where applicable.
• Data portability where applicable.
• Objection to processing under applicable conditions.
• Withdrawal of consent at any time where consent is used.

You also have the right to lodge a complaint with your competent data protection authority.

If local laws outside the EU apply (for example some US state privacy laws or Canadian privacy laws), equivalent rights may be available as required by those laws.

Children

This website is not intended for children under 13. If your local law sets a higher digital-consent age, that higher age applies.

Security

We apply reasonable technical and organizational safeguards to protect personal data. No system can guarantee 100% security, but we continuously improve our controls and monitoring.

How to exercise your rights

To exercise your rights, contact: [email protected].
For additional privacy information, contact: [email protected].