Skip to content
← Back to home

Privacy Policy

Data Controller

Rahu S.r.l.
Via Monviso 26, 20154 Milano (MI), Italy
P.IVA / C.F.: 14254260962
Capitale Sociale: EUR 15.000
PEC: rahu@legalmail.it
Email: marco.trombetta@rahu.group
Tel: +39 331 999 2996

Data We Collect

We do not collect any personal data. This website does not use contact forms, user accounts, analytics tools, tracking pixels, or any other mechanism that collects or processes personal information.

Cookies & Local Storage

This website does not use any tracking, profiling, advertising, or analytics cookies. We do not use third-party cookies of any kind.

Functional storage: we store your language preference in browser localStorage (key: rahu-lang). This is strictly necessary for the language switcher to remember your choice between visits, contains no personal data, and is stored only on your device — never transmitted to our servers. Under EDPB Guidelines 05/2020 this does not require prior consent. You can clear it anytime from your browser settings. See our Cookie Policy for full details.

Contact via Email

When you click "Start a project" or any contact link on this site, your default email client opens with a pre-filled address (marco.trombetta@rahu.group). Any personal data you choose to include in your email is processed solely for the purpose of responding to your inquiry, based on your consent (Art. 6(1)(a) GDPR). We do not share this data with third parties.

Hosting

This website is hosted on Vercel Inc. (San Francisco, CA, USA). Vercel may process server logs containing IP addresses for security and performance purposes. For details, see Vercel's Privacy Policy.

Fonts & External Resources

Fonts (Syne, DM Mono) are loaded locally via Next.js font optimization. No requests are made to external font servers.

AI Chat Assistant

This website features an AI-powered chat assistant ("Talk to RAHU") that helps you draft a project brief. Conversations are processed by Google Gemini (Google LLC). Your messages are sent to Google's servers for processing and are subject to Google's API Terms of Service.

We do not store chat conversations on our servers. Conversations exist only in your browser session and are lost when you close the page. The generated email brief is opened in your local email client — it is not sent automatically.

Data Retention

Server logs: Retained by Vercel for a maximum of 30 days, then permanently deleted.
Email inquiries: Retained for up to 6 months for response purposes. Extended to 10 years only if a contract is executed (Italian fiscal law requirement). Deletion on request honored within 30 days unless legal obligations apply.
AI chat conversations: Not stored. Exist only in your browser session.

Legal Basis for Processing

Where applicable, we process personal data under the following legal bases (Art. 6 GDPR):

  • Art. 6(1)(a) — Consent: When you voluntarily contact us via email.
  • Art. 6(1)(f) — Legitimate Interest: For server security logs and website availability monitoring performed by our hosting provider.

International Data Transfers (Schrems II)

Following CJEU Schrems II (Case C-311/18), the United States is not considered an adequate jurisdiction for personal data. We rely on Standard Contractual Clauses (Art. 46 GDPR) for all USA-bound transfers.

  • Vercel (USA, hosting): server logs with IP addresses (max 30 days). Transfer based on Vercel DPA with SCCs.
  • Google Gemini (USA, AI chat):chat messages sent to Google's servers in the USA. By using the AI chat you explicitly consent to this transfer (Art. 49(1)(a) GDPR). Note: USA has broad surveillance laws (FISA Section 702, CLOUD Act). See Google Privacy Policy.
  • GitHub (USA, public stats widget): when the homepage loads, your browser fetches public statistics from api.github.com. GitHub may log your IP. Subject to GitHub Privacy.
  • Cal.com (USA, scheduling): if you click booking links, you are redirected to cal.com. Their data handling applies. See Cal.com Privacy.

You may request our internal Transfer Impact Assessment by emailing marco.trombetta@rahu.group.

Right to Erasure (Art. 17 GDPR)

To request deletion of your data, send an email with subject "Request for Data Deletion" to marco.trombetta@rahu.group. We acknowledge within 5 business days and complete deletion within 30 days (Art. 12 GDPR).

What we delete: email correspondence from our records (subject to fiscal-law retention if a contract was executed).

What we cannot delete: Vercel server logs (auto-deleted after 30 days, out of our control); Google Gemini chat history (stored by Google — delete via Google My Activity); contracts and invoices required by Italian fiscal law (10-year retention).

Data Breach Notification (Art. 33-34 GDPR)

In case of a personal data breach, we will:

  • Notify the Italian Data Protection Authority (Garante per la Privacy) within 72 hours.
  • Inform affected data subjects without undue delay if the breach poses a high risk.
  • Document the incident, its effects, and remediation in our internal register.

To report a suspected security incident, email marco.trombetta@rahu.group with subject SECURITY INCIDENT.

Your Rights

Under GDPR (Art. 15–22) and D.Lgs. 196/2003 you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erasure — "right to be forgotten" (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3)) — see section below

To exercise any right, email marco.trombetta@rahu.group. We respond within 30 days (Art. 12 GDPR), extendable to 60 days for complex requests.

Consent Withdrawal (Art. 7(3) GDPR)

You can withdraw any consent as easily as it was given. Specifically:

  • AI Chat consent: refuse the checkbox before starting a conversation, or simply close the page mid-chat. No conversation is stored on our servers, so withdrawal is immediate.
  • Email correspondence consent: email us with subject "Withdraw consent" and we will remove you from our contact list and delete your inquiries within 30 days (unless fiscal-law retention applies).
  • Language preference storage:clear your browser's site data to remove the rahu-lang localStorage entry.

Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

If you believe your rights have been violated you can lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

Italian Law Compliance

This policy is issued under:

  • Regulation (EU) 2016/679 (GDPR)
  • Italian Personal Data Protection Code — D.Lgs. 196/2003 as amended by D.Lgs. 101/2018
  • Italian e-Commerce Law — D.Lgs. 70/2003, Art. 4
  • EU e-Privacy Directive 2002/58/EC as amended by Directive 2009/136/EC
  • EU AI Act — Regulation (EU) 2024/1689, Art. 52 (transparency for AI systems)

Italian residents may contact us and lodge complaints in Italian. Rahu S.r.l. supports Italian as an official communication language for data protection matters.

Updates

This policy may be updated periodically. Last updated: April 2026.