Privacy Policy
This Privacy Policy explains how ekory S.r.l. collects, uses and protects personal data when you use this website. Processing of data inside the ekory product is governed separately by our Data Processing Agreement.
1Data controller
The data controller for personal data processed through this website is ekory S.r.l. ("ekory", "we", "us").
- Registered office: [full registered address], Milano, Italy
- VAT / P.IVA: [VAT number] — REA: [REA number]
- Email: privacy@ekory.ai
We have not appointed a Data Protection Officer (DPO) as we are not required to under Article 37 GDPR. [If a DPO is appointed, add their contact details here.]
2Scope of this policy
This policy describes how we process personal data of visitors to ekory.ai — for example when you subscribe to our newsletter, book a demo, or simply browse.
It does not cover personal data that we process on behalf of our customers inside the ekory product. In that context our customer is the data controller and ekory acts as data processor, under the terms of our Data Processing Agreement.
3Data we collect & why
We collect only the data we need, for clearly defined purposes and on a defined legal basis under Article 6 GDPR.
| Data | Purpose | Legal basis |
|---|---|---|
| Email address (newsletter) | Send our monthly "Field notes" newsletter | Consent — Art. 6(1)(a) |
| Demo request: name, business email, company, message and scheduling details (via Calendly) | Arrange and run your demo and respond to your enquiry | Pre-contractual steps — Art. 6(1)(b); legitimate interest — Art. 6(1)(f) |
| Technical data: IP address, browser/device type, pages viewed, timestamps (hosting logs) | Deliver and secure the site, prevent abuse, basic diagnostics | Legitimate interest — Art. 6(1)(f) |
We do not intentionally collect special categories of data (Article 9 GDPR). Please do not include sensitive personal data in free-text demo messages.
5Who we share data with
We never sell personal data. We share it only with carefully selected service providers ("processors") acting on our instructions:
| Recipient | Purpose | Location & safeguard |
|---|---|---|
| Vercel Inc. | Website hosting & server logs | USA — EU Standard Contractual Clauses |
| Google Ireland Ltd / Google LLC | Newsletter storage (Apps Script & Sheets) | EU / USA — Standard Contractual Clauses |
| Calendly LLC | Demo scheduling | USA — EU Standard Contractual Clauses |
[Add any further processors, e.g. CRM or email-marketing provider]
We may also disclose data where required by law or to protect our legal rights.
6International transfers
Some of our processors are located outside the European Economic Area, including in the United States. Where we transfer personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) together with appropriate supplementary measures. A copy of the relevant safeguards is available on request.
7Retention
- Newsletter: until you withdraw your consent / unsubscribe.
- Demo & enquiry data: for the duration of our evaluation and, thereafter, up to [e.g. 24 months] for follow-up, unless a contract is signed.
- Technical logs: typically up to [e.g. 12 months].
We keep data only as long as necessary for the purposes above or to comply with legal obligations.
8Your rights
Under the GDPR you have the right to: access your data; rectify inaccurate data; erase data; restrict or object to processing; data portability; and, where processing is based on consent, to withdraw that consent at any time without affecting prior processing.
To exercise any of these rights, contact privacy@ekory.ai. You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali.
9Security
We implement appropriate technical and organisational measures under Article 32 GDPR, including encryption in transit (HTTPS), access controls, and the principle of least privilege. No method of transmission over the internet is, however, completely secure.
10Children
This website is intended for businesses and is not directed to children. We do not knowingly collect personal data from anyone under the age of 16.
11Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the latest revision. Material changes will be communicated through the website or by email where appropriate.
12Contact
Questions about this policy or our data practices? Email privacy@ekory.ai.