Privacy Policy (GDPR)
We value your privacy. This policy explains how we process personal data as part of our service.
1. What data we collect
Account Data: We collect name, email, organization, and technical logs when you create an account. This data is used to manage your account and provide our services.
Event Data: Information and content created within your events.
Team Member Data: Name, email, role, and permissions for team members you invite.
Non-Personal Data: We collect cookies, IP, user agent for analytics and improving user experience.
Uploaded Files: Files and media uploaded to the platform and their metadata.
2. Purposes and legal bases
Account Data: Your data is used for account management and providing platform access (art. 6.1.b GDPR - contract execution).
Non-Personal Data: Used for analytics and improving user experience (art. 6.1.f GDPR - legitimate interest).
Service Communications: We may send service-related communications about your account and subscriptions.
File Storage: Files are stored securely and processed according to your event settings.
3. Data sharing
We do not sell or share your personal data with third parties, except when necessary to provide services or comply with legal obligations.
Our sub-processors are bound by agreements compliant with Art. 28 GDPR. For details, see our Data Processing Agreement.
4. Cookies
We use cookies to improve your experience and analyze usage patterns.
You can manage cookies in your browser settings.
5. Security
We implement industry-standard security measures including encryption, access controls, and regular security audits to protect your data.
6. Your rights
You can request access to, modification, or deletion of your personal data at any time by contacting us at privacy@airowlgasga.dev.
You also have the right to file a complaint with the Italian Data Protection Authority (Garante).
Your GDPR rights include: access, rectification, deletion, processing restriction, data portability and objection to processing
7. Data retention
We retain your data for as long as your account is active. After account deletion, data is removed according to our retention policy.
Account data: Contract duration + 24 months
Organization data: Until organization deletion + 30 days
Uploaded files: Until deletion request
Logs: 12 months
Deletions from backups follow technical cycles.
8. Privacy Policy updates
We may update this policy from time to time. You will be notified of changes via email.
9. Applicable law
This Privacy Policy is governed by applicable law and GDPR.
Additional notes
International transfers: Part of our infrastructure and that of our sub-processors is located outside the European Economic Area, including the United States (e.g. Vercel, Cloudflare, Resend, Sentry). For such transfers we apply the Standard Contractual Clauses (SCC) approved by the European Commission or other appropriate safeguards under Chapter V of the GDPR. See the full list of sub-processors.
Minors: This is a B2B service not intended for minors.
Questions about this privacy policy?
Privacy email: privacy@airowlgasga.dev