Privacy Policy

Last Updated: January 29, 2026

GDPR Compliant: This policy complies with EU General Data Protection Regulation (GDPR) requirements.

1. Introduction

We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information.

2. Data Controller

Company: Dataria
Contact: raffaele@dataria.it
Location: Italy (EU)

3. What Data We Collect

Personal Information:
  • Email address - for account identification and communication
  • Password - stored as a bcrypt hash (we cannot see your actual password)
  • Payment information - processed securely by Stripe (we only store payment confirmation)
Technical Information:
  • IP address - hashed for security and anti-sharing measures (we don't store actual IPs)
  • Session data - to keep you logged in and prevent account sharing
  • Login timestamps - to track when you access the service
  • Usage logs - for debugging and service improvement
Submitted Information:
  • Issue reports - problems you report through the dashboard
  • Suggestions - feature requests you submit

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing your data to provide the paid service
  • Legitimate interests: Security, anti-fraud, and service improvement
  • Legal obligation: Compliance with tax and financial regulations
  • Consent: For communications beyond essential service notifications

5. How We Use Your Data

  • Provide access to the dashboard service
  • Process payments and maintain payment records
  • Prevent account sharing and unauthorized access
  • Respond to your support requests and suggestions
  • Improve service quality and fix technical issues
  • Comply with legal obligations

6. Data Sharing

We do NOT sell your data. We only share data with:

  • Stripe - Payment processing (required for transactions)
  • AWS - Hosting infrastructure (data storage and processing)
  • Law enforcement - Only if legally required

7. Data Security

  • Passwords are hashed using bcrypt (industry standard)
  • IP addresses are hashed (not stored in plain text)
  • Database access is restricted and encrypted
  • HTTPS encryption for all data transmission (when deployed)
  • Regular security updates and monitoring

8. Data Retention

  • Account data: Retained as long as your account is active
  • Payment records: Retained for 7 years (legal requirement)
  • Logs: Retained for 90 days for debugging purposes
  • Issues/Suggestions: Retained until resolved or account deletion

9. Your GDPR Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to certain types of processing
  • Withdraw consent: For processing based on consent

To exercise these rights, contact: raffaele@dataria.it

10. Account Deletion

To delete your account and data:

  1. Email raffaele@dataria.it with your request
  2. We will delete your account within 30 days
  3. Payment records are retained for legal compliance (7 years)
  4. You will receive confirmation once deletion is complete

11. Cookies and Tracking

  • Session cookies: Essential for login functionality (cannot be disabled)
  • No third-party tracking: We do not use analytics or advertising cookies

12. International Data Transfers

Your data is primarily stored in the EU (AWS Frankfurt region, if applicable). If data is transferred outside the EU, we ensure adequate protection measures are in place.

13. Children's Privacy

Our service is not intended for users under 18 years old. We do not knowingly collect data from children.

14. Changes to This Policy

We may update this privacy policy. We will notify users of significant changes via email or dashboard notification.

15. Supervisory Authority

If you believe we are not complying with GDPR, you have the right to lodge a complaint with your local data protection authority in the EU.

16. Contact Us

For privacy concerns or to exercise your GDPR rights:
Email: raffaele@dataria.it
Response time: Within 30 days as required by GDPR