Privacy notice

We collect only what we need to reply and to start a project well. No advertising profiles, no data brokers, no third-party enrichment.

• Contact form (/contact): name, work email and — optionally — website and a free-text note with your context.
• Technical request data: IP address, browser user-agent and referrer of the originating page, stored with the message for security and anti-spam.
• Email correspondence: if you reply by email, we keep the exchange in our mail systems.
• Server logs: our hosting provider records technical logs (IP, response times) for operational and security purposes, retained for a limited period.

We process your data to:

• Reply to your request and arrange the free meeting or follow-up — legal basis: pre-contractual measures at your request, Art. 6(1)(b) GDPR.
• Comply with legal obligations (tax, accounting, contractual) if you become a client — legal basis: legal obligation, Art. 6(1)(c) GDPR.
• Pursue our legitimate interests — site security, abuse prevention, anti-spam — legal basis: Art. 6(1)(f) GDPR.

We do not use your data for profiling, automated decision-making, advertising retargeting, or newsletter sends without an explicit opt-in from you.

To run the site and handle requests we rely on providers acting as processors under Art. 28 GDPR, bound by contracts that require adequate technical and organisational safeguards:

• Vercel Inc. — site hosting and technical logs (United States, with EU Standard Contractual Clauses).
• Make.com (Celonis SE) — orchestrates the contact form and forwards your message into our internal systems (EU / United States, with SCCs).
• Email provider for replies and conversation archives [provider to be confirmed].
• External advisors (accountant, lawyer) only for contacts that become clients.

Some of the providers above are based in the United States. Transfers rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

Details are in the relevant Data Processing Agreements, available on request.

Contact-form requests are kept for as long as needed to reply and for 24 months after, so we can pick the thread up if you come back. After that they are deleted.

If you become a client, contract-related data is kept for 10 years after the relationship ends, as required by Italian civil and tax law.

Server logs have a shorter retention (typically 30 days), managed by the hosting provider.

As a data subject you can exercise the rights granted by Arts. 15-22 GDPR at any time:

• Access to your data and a copy of what we process.
• Rectification of inaccurate data or completion of incomplete data.
• Erasure ("right to be forgotten") in the cases provided by law.
• Restriction of processing.
• Objection to processing based on legitimate interest.
• Portability of the data you provided to us.
• Withdrawal of consent, where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise these rights, write to hello@naniza.io. We reply within 30 days.

If you believe the processing breaches the GDPR, you can file a complaint with the Italian Data Protection Authority — garanteprivacy.it.

We update this notice when the tools we use or the law change. The date at the top reflects the latest revision. For substantial changes, we will reach out by email where possible.