Privacy Policy

This privacy notice (hereinafter the "Notice") is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018, and describes how personal data of users (hereinafter "Data Subjects") accessing the ANIMA platform at freeaidomain.com is processed.

1. Data Controller

The Data Controller is:

Cuttalo di Vincenzo Rubino
VAT No.: IT03242390734
Email: [email protected]
Website: freeaidomain.com

2. Categories of Data Collected

The Controller collects and processes the following categories of personal data:

2.1. Data voluntarily provided by the Data Subject

• Registration data: email address and username, provided upon Account creation;
• Contact data: name, email, and message content submitted through the contact form.

2.2. Data collected automatically

• Browsing data: IP address, browser type and version, operating system, pages visited, date and time of access, referring URL, visit duration;
• Usage data: tools used, frequency of use, credits consumed, interface interactions.

2.3. Data NOT collected

The Controller does not collect or store content (texts, data) entered by the User in AI Tools. Such data is transmitted in real time to artificial intelligence providers for processing and is not stored on the Controller's servers after the result is returned.

3. Purposes and Legal Basis of Processing

Purpose	Legal basis (GDPR Article)
Service provision and Account management	Art. 6(1)(b) — contract performance
Payment processing	Art. 6(1)(b) — contract performance
Service communications (updates, security)	Art. 6(1)(f) — legitimate interest
Aggregate analytics and Service improvement	Art. 6(1)(f) — legitimate interest
Security and fraud prevention	Art. 6(1)(f) — legitimate interest
Analytics cookies (where implemented)	Art. 6(1)(a) — consent
Compliance with legal obligations	Art. 6(1)(c) — legal obligation

4. Data Retention Period

• Account data: retained for the duration of the Account and for 30 days following deletion, to allow possible restoration;
• Access logs and browsing data: retained for a maximum of 12 (twelve) months;
• Aggregate analytics data: retained for a maximum of 24 (twenty-four) months;
• Billing data: retained for the period required by Italian tax law (10 years).

5. Recipients and Extra-EU Transfers

Personal data may be disclosed to the following third parties, acting as data processors pursuant to Article 28 GDPR:

Provider	Location	Purpose	Safeguard
Cloudflare, Inc.	USA	CDN, DDoS protection, DNS	SCC (Standard Contractual Clauses)
Stripe, Inc.	USA	Payment processing	SCC (Standard Contractual Clauses)
OpenAI, Inc.	USA	AI processing (AI Tools)	SCC (Standard Contractual Clauses)

Transfers to the United States are made on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Article 46(2)(c) GDPR, supplemented where necessary by additional measures in accordance with EDPB recommendations.

Personal data is not sold to third parties and is not used for commercial profiling purposes.

6. Data Subject Rights

Pursuant to Articles 15–22 of the GDPR, the Data Subject has the right to:

• Access (Art. 15): obtain confirmation of processing and access to personal data;
• Rectification (Art. 16): obtain correction of inaccurate data or completion of incomplete data;
• Erasure (Art. 17): obtain erasure of personal data ("right to be forgotten"), in applicable cases;
• Restriction of processing (Art. 18): obtain restriction of processing in applicable cases;
• Data portability (Art. 20): receive personal data in a structured, commonly used, and machine-readable format;
• Objection (Art. 21): object to processing based on legitimate interest;
• Withdrawal of consent (Art. 7): withdraw consent at any time, without affecting the lawfulness of processing based on consent given prior to withdrawal.

To exercise these rights, the Data Subject may send a request to: [email protected] or via the contact page.

The Data Subject also has the right to lodge a complaint with the competent supervisory authority: Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

7. Data Security

The Controller implements appropriate technical and organizational measures to protect personal data, including:

• traffic encryption via HTTPS/TLS protocol;
• system access restricted through authentication;
• periodic encrypted backups;
• rate limiting and anti-DDoS protection;
• environment separation and need-to-know access controls.

8. Amendments to This Notice

The Controller reserves the right to amend this Notice at any time. The updated version shall always be available at freeaidomain.com/en/privacy. In the event of material changes, the Controller shall provide notice through the Service or via email.