Privacy Policy

This site sets no cookies and shows no cookie banner, because there is nothing to consent to. We measure traffic with cookieless, aggregated analytics that cannot identify you. The only personal data we process is what you send us through the request-access form or by email, and we use it only to answer you.

Addiscovery, Milan, Italy, is the data controller for this website. For anything in this policy, write to [email protected]. Our Data Protection Officer is reachable at [email protected].

Technical access logs. Our hosting provider records standard request data (IP address, user agent, requested URL) to deliver the site and protect it from abuse. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Logs are kept for the short period needed for security, then deleted.

Traffic analytics. We use Vercel Web Analytics in its cookieless mode: no cookies, no advertising identifiers, no cross-site tracking. Visits are counted through a temporary hash that is discarded and cannot be linked back to a person; we only ever see aggregated numbers such as page views and referrers. Legal basis: legitimate interest (Art. 6(1)(f)) in understanding how the site is used.

The request-access form. When you submit it, we process your name, work email, company, role and what you write in order to evaluate the request and reply. The submission travels through our own server, which stores nothing itself, and is delivered to two places: our lead register, hosted on Notion, where we track the conversation, and our inbox as one notification email sent by Resend. An invisible Cloudflare Turnstile check runs in the background to keep bots out of the form. Legal basis: steps prior to a contract (Art. 6(1)(b)) for the submission, and legitimate interest (Art. 6(1)(f)) for the anti-abuse check.

Email correspondence. If you write to us directly, we process your address and message to reply. Legal basis: Art. 6(1)(b) and legitimate interest. We keep correspondence as long as the conversation is relevant.

Nothing else. No advertising identifiers, no profiling, no sale of personal data, and none of your data trains AI models.

We use four providers, each under a data processing agreement: Vercel Inc. (site hosting and the cookieless analytics described above), Notion Labs, Inc. (the register where we track access requests), Resend (delivery of the notification email), and Cloudflare, Inc. (Turnstile, the invisible anti-abuse check on the request-access form). Turnstile tells humans from bots in the background; Cloudflare processes limited technical data for that single purpose under its Turnstile Privacy Addendum, and does not use it for advertising or cross-site tracking. They may process data in the United States; those transfers rest on the European Commission's Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework. We keep processing in the EU where the provider offers it.

Form submissions and correspondence are kept while we evaluate the request and for as long as the relationship stays active, then deleted. Aggregated analytics contain no personal data and have no deletion clock. Hosting logs follow the provider's short security retention.

Under the GDPR you can ask for access, rectification, erasure, restriction, portability, and you can object to processing based on legitimate interest (Arts. 15 to 21). Write to [email protected] and we will answer within a month. You can also lodge a complaint with your supervisory authority; in Italy that is the Garante per la protezione dei dati personali.

If this policy changes, the new version appears here with a new date. We will not weaken it quietly.