Privacy Policy

The data controller is Obelica Systems, a software studio based in Italy.

Contact email: hello@obelica.com

We may collect and process the following categories of personal data:

• Account data: name, email address, and profile information provided during registration or contact form submissions.
• Usage data: IP address, browser type, device information, pages visited, and interaction patterns collected automatically through server logs.
• Payment data: billing information processed securely through Stripe. We do not store credit card numbers on our servers.
• Communication data: messages, emails, and project-related correspondence you send to us.

We process your personal data based on the following legal grounds under the GDPR:

• Consent (Art. 6(1)(a) GDPR): when you explicitly agree to the processing of your data, such as subscribing to our newsletter or accepting optional cookies.
• Contract performance (Art. 6(1)(b) GDPR): when processing is necessary to fulfill a contract with you, such as delivering a project or processing payments.
• Legitimate interest (Art. 6(1)(f) GDPR): when processing is necessary for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud.
• Legal obligation (Art. 6(1)(c) GDPR): when processing is required to comply with applicable laws, such as tax and accounting regulations.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: retained for the duration of your account and for up to 12 months after account deletion.
• Payment and invoicing data: retained for 10 years as required by Italian tax law.
• Usage logs: retained for up to 90 days.
• Communication data: retained for the duration of the business relationship and up to 24 months thereafter.
• Newsletter subscriptions: retained until you unsubscribe.

Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at hello@obelica.com:

• Right of access (Art. 15): obtain confirmation of whether your data is being processed and request a copy.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): request the deletion of your personal data where there is no compelling reason for continued processing.
• Right to data portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21): object to the processing of your data based on legitimate interest or for direct marketing purposes.
• Right to restrict processing (Art. 18): request the restriction of processing in certain circumstances.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

We use cookies to ensure the proper functioning of our website. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

We use the following third-party services that may process your personal data. Each provider acts as a data processor under applicable agreements:

• Stripe (Stripe, Inc., USA) — payment processing. Stripe is certified under the EU-U.S. Data Privacy Framework. Privacy Policy
• Vercel (Vercel, Inc., USA) — website hosting and edge delivery. Privacy Policy
• Resend (Resend, Inc., USA) — transactional email delivery. Privacy Policy
• Google OAuth (Google LLC, USA) — authentication. When you sign in with Google, we receive your name, email, and profile picture. Privacy Policy
• Neon (Neon, Inc., USA) — database hosting. Your data is stored encrypted at rest and in transit. Privacy Policy

Some of our third-party service providers are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encrypted database storage, access controls, and regular security reviews.

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

For any questions or requests regarding this privacy policy or the processing of your personal data, please contact us:

Obelica Systems
Email: hello@obelica.com