Privacy Policy
Data controller
Iuri Vaccari, individual resident in Reggio Emilia (Italy). Privacy contact: [email protected]. General contact: [email protected]. No Data Protection Officer (DPO) is appointed since the conditions of art. 37 GDPR do not apply.
Purposes and data processed
www.labforge.tech processes only the following data, strictly necessary for the operation and security of the service:
1) Access logs (IP address, user agent, requested URL, timestamp): retained for a maximum of 30 days for security, abuse prevention and technical diagnostics, then deleted.
2) Application download counters (number of downloads per app/version/day): aggregated anonymous data, not linkable to identified or identifiable individuals.
3) Local browser preferences (light/dark theme, IT/EN language, cookie banner choice): stored in your device's localStorage, never transmitted to the server.
4) Emails sent voluntarily to privacy@/info@/[email protected]: processed only to reply. Retention: as long as needed to handle the request, max 24 months.
Legal basis
Access logs and download counters: legitimate interest (art. 6.1.f GDPR), namely service security and assessment of distributed application uptake.
Local preferences: implicit consent through use (art. 6.1.a) and technical necessity for the service requested (art. 6.1.b).
Received emails: performance of a request from the data subject (art. 6.1.b) and legitimate interest (art. 6.1.f).
External processors and non-EU transfers
To deliver the service the site relies on the following providers, acting as Processors under art. 28 GDPR:
• Hostinger International Ltd. — hosting provider (VPS server in Germany). Data remains within the European Economic Area. DPA available at hostinger.com/legal/privacy-policy.
• Cloudflare, Inc. — CDN, DDoS protection and TLS edge termination (servers distributed globally, parent company in USA). Traffic passes through Cloudflare before reaching the server. Cloudflare may retain technical security logs (request log, IP, user agent) for up to 30 days for abuse mitigation, under its own privacy policy (cloudflare.com/privacypolicy). Non-EU transfer is covered by Standard Contractual Clauses (SCC) approved by the European Commission (Decision 2021/914) and a Data Processing Addendum available at cloudflare.com/cloudflare-customer-dpa. Cloudflare is also certified under the EU-US Data Privacy Framework.
No other third party accesses the data. No analytics, advertising or profiling service is active on the site.
Cookies and equivalent technologies
The site uses only technical storage (localStorage) for user preferences and one technical Cloudflare cookie (__cf_bm) for automated bot mitigation. No cookies are used for profiling or marketing. See the Cookie Policy for details and management.
Your rights
Under articles 15-22 GDPR you may at any time request:
• access to your personal data (art. 15)
• rectification of inaccurate data (art. 16)
• erasure (art. 17)
• restriction of processing (art. 18)
• data portability in a structured format (art. 20)
• objection to processing based on legitimate interest (art. 21)
• not to be subject to automated decisions (art. 22, not practiced anyway)
• lodge a complaint with the Supervisory Authority (art. 77, details in the dedicated section)
To exercise these rights, write to [email protected]. Your request will be handled within 30 days (art. 12 GDPR), free of charge, unless manifestly unfounded or repetitive. See the Rights page for detailed instructions and an email template.
Withdrawal of consent (art. 7.3 GDPR): for processing based on consent (technical preferences via localStorage) you may withdraw consent at any time by clicking 'Manage consent' in the site footer. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Note on retroactive identification: since we process only technical data (IP, user agent, URL, timestamp) and not profiling data, identifying a single data subject inside the logs may be impossible without additional information provided by you (e.g. date, time and IP of your connection). In that case we will ask you, under art. 11 GDPR, to provide such elements so that the request can be fulfilled.
Complaint to the Supervisory Authority
If you believe processing of your data breaches the GDPR, you may lodge a complaint with the Italian Data Protection Authority: Piazza Venezia 11, 00187 Rome — www.garanteprivacy.it — [email protected].
Data security
The site enforces TLS 1.2/1.3 for all communications (HTTPS), and HSTS is active. The server is hardened: administrative access is limited to cryptographic keys, and fail2ban is in place against unauthorized access. No data is stored in clear text on exposed systems.
Changes to this notice
This notice may be updated. The current version and date are shown at the bottom of the document. Substantial changes will be announced on the site at least 15 days in advance.
Version and date
Version 1.2 — Last revision: 13 May 2026.