← Back to Home

Privacy Policy

Last updated: 21 April 2026

1. Data Controller

The data controller for aibilia.com is:

Andrea Feo
P.IVA 05310510267
Email: admin@aibilia.com

For any privacy-related inquiry, contact us at the email address above.

2. What Data We Collect

We collect personal data in two cases:

2.1 Contact form (explicit submission)

• Name
• Email address
• Company name
• Website URL
• Message content
• Technical metadata: IP address, user-agent, page of origin, UTM parameters (if present), session identifier

2.2 First-party analytics (with your consent)

If you grant analytics consent via the cookie banner, we set one first-party cookie (aib_sid, 30-day expiry) to measure aggregated site usage: pages visited, scroll depth, click events on calls-to-action, form interactions, traffic source (referrer and UTM parameters), approximate device type, browser, operating system and language. The cookie contains a random session identifier only — no personal data. Analytics data is stored on our own servers in the European Union (Hetzner, Germany); no third-party analytics provider is involved by default. If you decline consent, no analytics cookie is set and no events are recorded.

See our Cookie Policy for the full list of cookies and storage mechanisms.

3. How We Use Your Data

Purpose	Legal Basis (GDPR Art. 6)
Responding to your inquiry	Art. 6(1)(b) — Pre-contractual measures
Sending the requested AI audit report	Art. 6(1)(b) — Pre-contractual measures
Following up on business opportunities	Art. 6(1)(f) — Legitimate interest
Aggregated site analytics (traffic source, navigation, conversion funnel)	Art. 6(1)(a) — Consent (granular, via cookie banner)
Security, abuse prevention, spam filtering (honeypot, rate-limiting)	Art. 6(1)(f) — Legitimate interest

We do not use your data for automated decision-making or profiling in a way that produces legal or similarly significant effects.

4. Data Processors

Contact form submissions and analytics data are processed on our own infrastructure hosted by Hetzner Online GmbH (Germany, EU). No data processor outside the EU receives personal data from our site as part of standard operations.

Outbound notification emails are sent via Google (Gmail SMTP) from our administrative mailbox. Google acts as a sub-processor for email transit. Google's privacy policy applies: policies.google.com/privacy.

Cal.com Inc. (Delaware, USA) is engaged as data processor for optional discovery-call bookings. When you choose to book a call — either by clicking the "Book a free call" link, by ticking the booking option on the contact form, or by responding to the audit popup — the booking details you provide (name, email, selected time slot, optional notes, timezone) are processed by Cal.com to schedule the meeting and deliver calendar invitations. Cal.com sends us webhook notifications about new, rescheduled and cancelled bookings; these notifications are stored on our EU infrastructure and linked to your lead record where applicable. The transfer to Cal.com is performed on the legal basis of your explicit consent (your click on the booking link) and is covered by Standard Contractual Clauses. See cal.com/privacy and cal.com/security.

We no longer use Formspree or any third-party form processor for initial contact requests.

5. Third-Party Resources

This website loads resources from external CDNs:

• Google Fonts (fonts.googleapis.com / fonts.gstatic.com) — Your IP address is transmitted to Google when fonts are loaded. Google's privacy policy applies.
• cdnjs / Cloudflare (cdnjs.cloudflare.com) — GSAP animation library is loaded from Cloudflare's CDN. Your IP address is transmitted to Cloudflare.

No data is shared with these providers beyond what is inherent in standard HTTP requests (IP address, browser user-agent, referrer).

6. Data Retention

• Contact form data: Retained for 24 months from submission, or until the business relationship concludes, whichever is later.
• Analytics session records (aibilia.site_sessions, aibilia.site_events): Retained for 12 months, then automatically deleted.
• First-party analytics cookie (aib_sid): 30 days in your browser. Removed immediately if you withdraw analytics consent.
• Consent record (aib_consent in localStorage): Persists in your browser until you clear it or reset preferences via the cookie settings link.

After the retention period, personal data is permanently deleted. Aggregated, fully anonymised statistics may be retained indefinitely for historical comparison.

7. Your Rights

Under GDPR (Articles 15–22), you have the right to:

• Access — Request a copy of all personal data we hold about you
• Rectification — Correct inaccurate or incomplete data
• Erasure — Request deletion of your data ("right to be forgotten")
• Restriction — Limit how we process your data
• Portability — Receive your data in a structured, machine-readable format
• Objection — Object to processing based on legitimate interest
• Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any right, email admin@aibilia.com with the subject line "GDPR Request". We will respond within 30 days. See our GDPR Rights page for full details.

8. Supervisory Authority

If you believe your data protection rights have been violated, you may lodge a complaint with:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
Website: www.garanteprivacy.it
Email: protocollo@gpdp.it

9. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top will be revised accordingly. Continued use of the website after changes constitutes acceptance.