1. Data Controller

The Data Controller is:

Giovanni Manetti

VAT: IT06703160488

Email: [email protected]

2. Data Collected

PerSeo Insights collects and processes the following categories of personal data:

  • Registration data: username, email, password (hashed)
  • Billing data: VAT number and tax residence (Pro accounts only)
  • OAuth data: if you use Google Sign-In, we receive name, email, profile photo
  • Usage data: URLs analyzed, scan timestamps, errors/warnings found
  • Technical data: IP address, user agent, browsing data
  • Cookies: technical and preference cookies (see Cookie Policy)

3. Processing Purposes

Your personal data is processed for the following purposes:

  • Service provision: account management, authentication, web analysis
  • Service improvement: anonymous statistics, performance optimization
  • Security: abuse prevention, rate limiting, account protection
  • Communications: transactional emails (e.g., registration confirmation, password reset)
  • Legal obligations: tax and accounting compliance

4. Legal Basis

The processing of your data is based on:

  • Contract performance (Art. 6(1)(b) GDPR) - to provide you with the requested service
  • Consent (Art. 6(1)(a) GDPR) - for non-technical cookies and marketing communications
  • Legitimate interest (Art. 6(1)(f) GDPR) - for security and fraud prevention
  • Legal obligation (Art. 6(1)(c) GDPR) - for tax compliance

5. Data Retention

Your personal data will be retained for:

  • Active accounts: until account deletion
  • Scan history: 24 months from last activity
  • Tax data: 10 years (legal obligation)
  • Security logs: 90 days

6. Data Sharing

Your personal data is NOT sold to third parties. It may only be shared with:

  • Service providers: hosting (VPS), database, CDN, email
  • Payment processing: Stripe (for secure processing of Pro account payments)
  • Google OAuth: if you use Google Sign-In (see Google Privacy Policy)
  • Competent authorities: upon legal request or court order

7. Your Rights (GDPR)

You have the right to:

  • Access: request a copy of your data (Art. 15)
  • Rectification: correct inaccurate data (Art. 16)
  • Erasure: "Right to be forgotten" (Art. 17)
  • Restriction: restrict processing (Art. 18)
  • Portability: receive your data in a structured format (Art. 20)
  • Objection: object to processing (Art. 21)
  • Complaint: file a complaint with the Data Protection Authority

To exercise your rights, contact us: [email protected]

8. Security

We implement technical and organizational security measures to protect your data:

  • SSL/TLS encryption for all communications
  • Passwords hashed with bcrypt
  • Daily encrypted backups
  • Firewall and DDoS protection
  • Limited access to personal data

9. Data Transfers Outside the EU

Your data is stored on servers located in the European Union. Some third-party services (e.g., Google OAuth) may transfer data outside the EU with adequate safeguards (Standard Contractual Clauses).

10. Privacy Policy Changes

We reserve the right to modify this Privacy Policy. We will inform you via email in case of substantial changes. Continued use of the service constitutes acceptance of the changes.

11. Contact

For questions or requests regarding this Privacy Policy:

Email: [email protected]

Data Protection Authority: www.garanteprivacy.it