Privacy Policy

1. Data Controller

InsideOil ("we", "us") operates insideoil.it. For questions about this policy, contact us at info@insideoil.it.

2. Data We Collect

• Account data: name, email address, hashed password
• Payment data: processed by Stripe; we store only your Stripe customer ID
• Usage data: pages visited, features used, timestamps
• Technical data: IP address, browser type, device info

3. Legal Basis (GDPR Art. 6)

• Contract performance: to provide the services you subscribed to
• Legitimate interest: analytics, security, fraud prevention
• Consent: marketing emails (opt-in only)

4. How We Use Your Data

We use your data to: provide and improve the platform, process payments, send transactional emails, detect fraud, and comply with legal obligations.

5. Data Sharing

We share data only with:

• Stripe: payment processing
• Vercel: hosting and analytics
• Law enforcement: when legally required

We do not sell your personal data.

6. Cookies

We use essential cookies for authentication and session management. We use analytics cookies only with your consent. You can manage preferences via the cookie banner.

7. Your Rights (GDPR)

You have the right to: access, rectify, delete, port your data, object to processing, and withdraw consent. Contact info@insideoil.it to exercise these rights.

8. Data Retention

We retain account data for the duration of your account. After deletion, data is purged within 30 days. Payment records are retained for 10 years per fiscal obligations.

9. Security

Passwords are hashed with bcrypt. All data is transmitted over HTTPS. Payment data is handled by PCI-DSS compliant Stripe.

10. Changes

We may update this policy. Significant changes will be notified via email or in-app notice.