Privacy Policy
Last updated: 16 May 2026 -- Effective immediately
TL;DR: We collect the minimum data necessary to deliver the service. We don't sell your data. We don't run ad networks. We use privacy-friendly analytics. You have full GDPR rights.
1. Data Controller
Valerio Diaco, Italy (P.IVA filing pending; will be added when active). Contact for privacy requests: [email protected].
2. Data We Collect
2.1 Newsletter / lead magnet signup
- Email address (required)
- First name (optional)
- Profile / use case (optional, for newsletter segmentation)
- Locale (EN or IT, auto-detected)
- IP address at signup time (legal evidence of consent only, not stored long-term)
Stored in: Loops (transactional) + Beehiiv (newsletter).
2.2 Site analytics
- Page URL visited (no query params containing PII)
- Referrer (where you came from)
- Country (from IP, geolocated then IP discarded)
- Device type (mobile / desktop / tablet)
- Browser family
NOT collected: individual user identifiers, fingerprints, cross-site tracking, full IP addresses (we use Plausible / PostHog self-hosted with IP anonymization).
2.3 Affiliate tracking
When you click an affiliate link (Amazon, NordVPN, ProtonVPN, etc.), the destination merchant tracks your visit per their privacy policy. We don't share PII with merchants. We receive aggregate commission reports (no individual purchase data).
2.4 Payment data (Phase 3, when Pro tier launches)
Payments are processed by Stripe. We never see your full card details. We retain order metadata (amount, plan, billing address) for fiscal compliance (10 years per Italian law).
3. Legal Basis (GDPR art. 6)
- Newsletter / lead magnet: explicit consent (art. 6.1.a). Withdrawable anytime via unsubscribe link.
- Paid services: contract performance (art. 6.1.b).
- Anonymized analytics: legitimate interest (art. 6.1.f) -- minimal data, no profiling.
- Fiscal records: legal obligation (art. 6.1.c).
4. Data Retention
- Newsletter email: until you unsubscribe + 30 days grace period
- Site analytics: 12 months aggregated, raw events 30 days
- Payment data: 10 years (Italian fiscal law DPR 600/1973)
- Customer support emails: 24 months
5. Your Rights (GDPR art. 15-22)
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: delete your data (right to be forgotten)
- Restriction: limit processing
- Portability: receive your data in machine-readable format
- Objection: opt out of processing based on legitimate interest
- Complaint: lodge a complaint with the Italian Garante della Privacy or your local DPA
To exercise any right: email [email protected]. Response within 30 days per GDPR.
6. Third-Party Processors
- Cloudflare (hosting + CDN) -- US/EU data centers, GDPR-compliant DPA in place
- Loops (transactional email) -- US-based, EU-US Data Privacy Framework
- Beehiiv (newsletter) -- US-based, EU-US Data Privacy Framework
- Stripe (payments, Phase 3) -- Ireland EU entity
- Plausible / PostHog (analytics) -- self-hosted EU servers
- Affiliate networks: Amazon Associates, Impact, PartnerStack, individual brand programs
7. Cookies
See our Cookie Policy. Essential cookies only; no tracking or advertising cookies. No consent banner required when only essential cookies are used (per ePrivacy + GDPR).
8. International Transfers
Some processors are US-based (Cloudflare, Loops, Beehiiv). Transfers occur under EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs).
9. Children Under 16
Tech Sensei is not directed at children under 16. We don't knowingly collect data from children. If you believe a minor's data is in our system, contact [email protected] for immediate deletion.
10. Changes to This Policy
Material changes are notified via newsletter (if subscribed) + site banner. The last 5 versions are retained for transparency.