Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

We collect different types of data depending on how you interact with our services:

2.1 Account Information

• Full name and email address
• Company name and business details
• Billing address and payment information
• Phone number (optional)

2.2 Usage Data

• IP address and browser information
• Pages visited and features used
• Time spent on our platform
• Referral source

2.3 Communication Data

• Support tickets and email correspondence
• Feedback and survey responses
• Chat messages (if applicable)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

4. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our data enrichment and automation services
• Communication: To send service updates, respond to inquiries, and provide customer support
• Billing: To process payments and manage subscriptions
• Analytics: To understand usage patterns and improve our platform
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Legal: To comply with legal obligations and protect our rights
• Marketing: To send promotional materials (only with your consent)

5. Data Sharing and Transfers

We share your data only in the following circumstances:

5.1 Service Providers

• Hosting: Amazon Web Services (AWS) - data centers in EU
• Payment Processing: Stripe - PCI-DSS compliant
• Analytics: Self-hosted Umami (privacy-focused)
• Email: SendGrid for transactional emails

5.2 Legal Requirements

We may disclose data when required by law, court order, or governmental authority.

5.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred with appropriate protections.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise any of these rights, contact us at [email protected]

7. Data Retention

We retain your data for different periods based on the purpose:

• Account Data: Duration of your account + 1 year
• Usage Analytics: 26 months
• Financial Records: 7 years (legal requirement in Italy)
• Marketing Data: Until consent withdrawn
• Support Tickets: 3 years

8. Security Measures

We implement comprehensive security measures to protect your data:

• 🔒 Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• 🔐 Access Control: Role-based access with multi-factor authentication
• 📊 Monitoring: 24/7 security monitoring and intrusion detection
• 🔄 Backups: Regular encrypted backups with disaster recovery
• 👥 Training: Regular security training for all employees
• 🛡️ Audits: Annual security assessments and penetration testing

9. International Data Transfers

When we transfer data outside the EEA, we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Your explicit consent (where applicable)

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

11. Cookie Policy

For detailed information about how we use cookies and similar technologies, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes via email or through our platform. The "Last updated" date at the top indicates the latest revision.

13. Contact Information

For privacy-related questions or to exercise your rights:

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Italy, this is: