    Privacy & Security

    Privacy Policy

    Notice on the processing of personal data pursuant to EU Regulation 2016/679 (GDPR).

    Last updated: 20/05/2026

    This document informs the natural person (the "Data Subject") about the processing of their personal data (the "Personal Data") collected by the data controller, NT VENTURES S.R.L., with registered office at Via Lorenteggio 47, 20146 Milan (MI), Italy, Italian Tax Code / VAT 14718310965, email [email protected], PEC [email protected] (the "Controller"), through the website and application ideaproof.io (the "Application").

    Any changes and updates will be effective from the moment they are published on the Application. If the Data Subject does not accept the changes, they must stop using the Application and may request the Controller to delete their Personal Data.

    1. Categories of Personal Data processed

    The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

    • Contact data: name, surname, address, email address, phone number, images, authentication credentials and any further information sent by the Data Subject.
    • Tax and payment data: tax code, VAT number, credit card details, bank details, etc.

    The Controller also processes the following types of Personal Data collected automatically:

    • Usage data: pages visited, number of clicks, actions taken, session duration, etc.

    Should the Data Subject decide not to provide Personal Data that is mandatory by law, by contract or necessary to enter into the contract with the Controller, it will be impossible for the Controller to establish or continue any relationship with the Data Subject. The Data Subject who shares third parties' Personal Data with the Controller is directly and exclusively responsible for their origin, collection, processing, communication or disclosure.

    2. Cookies and similar technologies

    The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data about visited pages and links and other actions performed while using the Application. The full Cookie Policy is available at https://ideaproof.io/cookies.

    3. Legal basis and purposes of the processing

    The processing of Personal Data is necessary:

    a. for the performance of the contract with the Data Subject, in particular for:

    1. fulfilling any obligation arising from the pre-contractual or contractual relationship;
    2. registering and authenticating the Data Subject on the Application;
    3. providing support and contact to respond to the Data Subject's requests;
    4. managing payments via credit card, bank transfer or other methods.

    b. to comply with legal obligations, in particular:

    1. complying with any obligation under applicable laws, in particular tax legislation.

    c. for the Controller's legitimate interest, in order to:

    1. send email marketing of the Controller's products and/or services that are similar to those already purchased by the Data Subject;
    2. manage, optimize and monitor the technical infrastructure;
    3. ensure security and fraud prevention to protect the Controller's assets and networks;
    4. generate statistics based on anonymous and aggregated data to improve the products and/or services offered.

    d. based on the Data Subject's consent, for:

    1. profiling for marketing purposes through automated processing;
    2. retargeting and remarketing to reach the Data Subject with personalized advertising;
    3. marketing of the Controller's products and/or services, through automated and traditional methods.

    The Data Subject's Personal Data may also be used by the Controller to defend itself before the competent authorities.

    4. Processing methods and recipients of Personal Data

    Personal Data is processed using paper and electronic tools, with organizational and logical methods strictly related to the stated purposes and through the adoption of adequate security measures.

    Personal Data is processed exclusively by:

    • persons authorized by the Controller to process Personal Data and bound by confidentiality;
    • parties acting autonomously as independent controllers or appointed by the Controller as data processors (e.g., business partners, consultants, IT companies, hosting providers);
    • parties or entities to whom Personal Data must be disclosed by law or by order of the authorities.

    External data processors

    The Controller relies on the following providers as Data Processors pursuant to Art. 28 GDPR:

    • Stripe Payments Europe Ltd (Ireland) — electronic payment processing and fraud prevention.
    • Supabase Inc. — database hosting and authentication management (EU region).
    • SendGrid (Twilio Inc.) — delivery of transactional email communications.
    • Google LLC — aggregated analytics (Google Analytics) and campaign measurement (Google Ads), subject to cookie consent.
    • OpenAI, OpenRouter, Anthropic — processing of submitted content for AI output generation (text, images), without using data to train models.
    • Contentsquare — aggregated user-behavior analysis, subject to consent.

    The parties listed above are required to adopt adequate security measures and may access only the data necessary to perform their functions. Personal Data will never be shared indiscriminately.

    5. Place of processing

    Personal Data will not be transferred outside the European Economic Area (EEA). Any transfers to non-EEA providers (e.g., US-based AI providers) take place on the basis of adequate legal safeguards (EU Commission Standard Contractual Clauses).

    6. Retention period of Personal Data

    Personal Data will be retained for the time necessary to pursue the purposes for which it was collected. In particular:

    • for purposes related to the performance of the contract: for the entire duration of the contractual relationship and, after termination, for the ordinary 10-year statute of limitations;
    • for purposes related to the Controller's legitimate interest: until that interest is satisfied;
    • to comply with legal obligations, by order of an authority or for legal defense: according to the terms set by those obligations and rules;
    • for purposes based on the Data Subject's consent: until consent is withdrawn.

    At the end of the retention period, all Personal Data will be deleted or kept in anonymous form that no longer allows the identification of the Data Subject.

    7. Rights of the Data Subject

    The Data Subject may exercise the following rights at any time:

    • be informed about the processing of their Personal Data;
    • withdraw consent at any time;
    • restrict the processing of their Personal Data;
    • object to the processing of their Personal Data;
    • access their Personal Data;
    • verify and request rectification of their Personal Data;
    • obtain the deletion of their Personal Data (right to be forgotten);
    • transfer their Personal Data to another data controller (portability);
    • lodge a complaint with the supervisory authority (Italian Data Protection Authority — Garante) and/or take legal action.

    To exercise these rights, the Data Subject may send a request to [email protected]. Requests will be handled promptly by the Controller and in any case within 30 days.
