LEGAL
Privacy policy
Version 2 — published on 15/07/2026
PRIVACY POLICY
Version 2 — last updated: 14 July 2026
1. Data controller. The data controller is Poderosa Studio. For any request concerning personal data: privacy@poderosastudio.com.
2. Data processed.
— Account data: email address, name (if provided), password in encrypted form (hash), preferred language, subscription plan.
— Transfer data: title, message, file names and sizes, recipients' email addresses, upload and expiry dates.
— File content: stored encrypted (AES-256) on servers within the European Union; the operator does not access the content and performs no prior review.
— Usage and security data: IP address, user agent, date and time of accesses and downloads, record of acceptances of the legal texts (version, date, IP).
— Technical cookies: see point 9.
3. Purposes and legal bases.
— Provision of the file transfer service, account management and notifications: performance of the contract.
— Sending the monthly usage report to the account email: performance of the contract (service communication).
— Security, prevention of abuse and fraud: legitimate interest of the controller.
— Compliance with legal obligations and responses to requests from the authorities: legal obligation.
We do not carry out advertising profiling and we do not sell data to third parties.
4. Retention.
— Transferred files: automatically and permanently deleted upon expiry of the transfer, with no possibility of recovery.
— Metadata of expired or deleted transfers: permanently deleted within 90 days.
— Account data: for the entire duration of the account, until its deletion.
— Technical and security logs: for the time strictly necessary for security and operational purposes.
5. Recipients and providers. Data is stored on servers located within the European Union. We use providers acting as data processors: hosting and storage (OVH, EU) and email delivery (Brevo, EU). Data is not transferred outside the European Union and is not disclosed to other parties, except where required by law or by requests from the competent authorities.
6. Data subject rights. You have the right to obtain access to your data, rectification, erasure, restriction of processing, portability, and to object to processing, by writing to privacy@poderosastudio.com. You also have the right to lodge a complaint with your supervisory authority (in Italy, the Garante per la protezione dei dati personali, www.garanteprivacy.it).
7. Account deletion. From the control panel you can independently request, at any time, the permanent deletion of your account and of all your transfers. Deletion is irreversible and is completed within 30 days of the request, except for data the controller is required to retain by law.
8. Monthly report. The email address used to create the account receives a monthly report on the use of the service (for example: transfers made, storage used). This is a service communication linked to the contract, not a commercial communication; it ceases when the account is deleted.
9. Cookies. The service uses only technical cookies, necessary for its operation: session cookies, security cookies (CSRF protection) and language preference cookies. We do not use profiling cookies or third-party cookies; for this reason no consent banner is required.
10. Minors. The service is reserved for adults. We do not knowingly collect data from minors.
11. Changes. The current version of this policy is always published on this page. Substantial changes are communicated to the account email address.