Legal
Effective date: March 25, 2026. This policy explains how NicheSpotted collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian law.
The data controller is Salvatore Castellitti, based in Italy.
For any privacy-related request or inquiry, contact: s.castellitti.dev@gmail.com
We collect the following categories of personal data:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, authentication, transactional emails | Contract |
| Usage data (pages visited, features used, search queries) | Improving the service, analytics | Legitimate interest |
| Payment metadata (subscription status, plan) | Billing and access control | Contract |
| IP address | Security, fraud prevention, analytics | Legitimate interest |
| Device & browser type | Analytics, compatibility | Legitimate interest |
We do not collect payment card details. All payment processing is handled by Polar (polar.sh), which has its own privacy and security practices.
We do not collect or process sensitive personal data (health, religion, ethnicity, etc.).
We use the following analytics tools that may process your personal data:
Vercel Analytics does not use cookies and does not track individuals across sessions. No opt-out is required.
We use a minimal number of cookies:
We do not use advertising, tracking, or profiling cookies. You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in.
We share your data only with:
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
We do not currently transfer personal data outside the EU/EEA for analytics purposes. If this changes, we will update this policy and rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
We retain your personal data for as long as your account is active. After you delete your account, your personal data is permanently deleted within 7 weeks.
Billing records and transaction logs are retained for 10 years as required by Italian accounting and tax law (D.P.R. 600/1973).
Anonymized, aggregated analytics data that cannot identify you may be retained indefinitely.
As an EU/EEA resident, you have the following rights regarding your personal data:
To exercise any of these rights, email s.castellitti.dev@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing the request.
If you believe we have processed your data unlawfully, you have the right to lodge a complaint with the Italian data protection authority:
Garante per la protezione dei dati personali
Website: garanteprivacy.it
Email: garante@gpdp.it
You may also contact the supervisory authority in your EU member state of residence.
NicheSpotted is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with their data, please contact us at s.castellitti.dev@gmail.com and we will delete it promptly.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, or destruction. These include encrypted connections (HTTPS), secure session management, and access controls.
No system is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by GDPR (within 72 hours of becoming aware).
We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before any material changes take effect. The updated policy will always be available at this URL with a revised effective date.
Privacy questions? Email s.castellitti.dev@gmail.com and we will respond within 30 days.