Privacy Policy
Last updated: 22 March 2026
1. Data Controller
The data controller is Unpublic S.R.L., with registered office at Viale Monte Nero 43, 20135 Milano (MI), Italy, tax code and registration number 14605720961, PEC unpublicsrl@pec.it (“Unpublic”, “we”, “us” or “our”).
This Privacy Policy explains how we collect, use, store and protect your personal data when you access or use our platform, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and applicable Italian data protection legislation.
2. Personal Data We Collect
2.1 Data You Provide
- Account data: email address, name, organisation name, role and profile information provided during registration or platform use.
- Communication data: messages, feedback and correspondence you send to us.
- Transaction data: billing information and subscription details, where applicable.
- User content: documents, files, data and other materials you upload to the platform.
2.2 Data Collected Automatically
- Usage data: pages visited, features used, timestamps, click patterns and session duration.
- Device and technical data: IP address, browser type and version, operating system, device identifiers and screen resolution.
- Cookies and similar technologies: we use essential cookies to maintain your session and remember your preferences. See Section 8 below for details.
3. Purposes and Legal Basis
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing and maintaining the platform | Performance of contract (Art. 6(1)(b)) |
| Account creation and authentication | Performance of contract (Art. 6(1)(b)) |
| AI-powered analysis and document processing | Performance of contract (Art. 6(1)(b)) |
| Platform security and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Art. 6(1)(a)) |
4. Third-Party Data Processors
To operate the platform and provide our services, we may share personal data with the following categories of third-party processors, all of whom are bound by appropriate data processing agreements:
- Cloud infrastructure: Amazon Web Services (AWS), for hosting, storage and computing services, with data processed within the EU (eu-west-1 region).
- AI providers: OpenAI and Anthropic, for AI-powered analysis and document processing features. Data transmitted to these providers is used solely for generating outputs on your behalf and is subject to their respective data processing terms.
- Email delivery: SMTP services for transactional emails (authentication codes, notifications).
We do not sell, rent or trade your personal data to third parties for marketing purposes.
5. International Data Transfers
Some of our third-party processors (in particular, AI providers) may process data outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms under the GDPR.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: retained for the duration of your account and for up to 12 months after account deletion, unless longer retention is required by law.
- User content: retained until you delete it or your account is terminated. Backups may persist for up to 30 days after deletion.
- Usage and technical data: retained for up to 24 months for analytics and security purposes.
- Legal and compliance data: retained for the period required by applicable law (generally 10 years for fiscal records under Italian law).
7. Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data (“right to be forgotten”).
- Restriction: request that we limit the processing of your data in certain circumstances.
- Portability: receive your personal data in a structured, commonly used, machine-readable format.
- Objection: object to processing based on legitimate interests or direct marketing.
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at admin@unpublic.it or via PEC at unpublicsrl@pec.it. We will respond within 30 days.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.
8. Cookies
We use the following types of cookies:
- Strictly necessary cookies: required for the platform to function (e.g. session authentication). These cannot be disabled.
- Functional cookies: used to remember your preferences and settings.
We do not use advertising or third-party tracking cookies. No cookie consent banner is required as we only use technically necessary cookies exempt under Art. 5(3) of the ePrivacy Directive.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These include encryption in transit (TLS) and at rest, access controls, audit logging and regular security reviews. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children
The platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the platform or by email. The “Last updated” date at the top of this page indicates the most recent revision.
12. Contact
For any questions or requests regarding this Privacy Policy or your personal data, please contact:
Unpublic S.R.L.
Viale Monte Nero 43, 20135 Milano (MI), Italy
PEC: unpublicsrl@pec.it
Email: admin@unpublic.it