> cat privacy_policy.txt

Privacy Policy

Pursuant to Art. 13 EU Regulation 2016/679 (GDPR)

This privacy policy explains how serritella.cloud processes data when you visit https://serritella.cloud/. It complies with the EU General Data Protection Regulation (GDPR, Regulation 2016/679). Plain language has been preferred over legalese.

1. Who runs this site

Data controller: Marco Serritella, trading as Westart, Italy.
Contact: [email protected]

2. What we process

When you visit serritella.cloud the following technical data is processed automatically:

  • Your public IP address, as forwarded by Cloudflare
  • Standard HTTP request headers (User-Agent, Accept-Language, Referer)
  • Coarse geolocation derived from your IP by Cloudflare (city, region, country, timezone)
  • Server access logs retained for at most 30 days for security and abuse mitigation

If you submit a contact form on this site, we additionally process the email address and the message body you provide. Submissions are protected by Cloudflare Turnstile (no biometrics — only a transient challenge token).

3. Cookies

serritella.cloud uses only strictly necessary technical cookies set by our edge provider (Cloudflare) for security and load balancing. No consent is required under GDPR Article 6(1)(f) and the ePrivacy art. 5(3) exemption. We do not set marketing or analytics cookies.

4. Legal basis & purpose

  • Service delivery (GDPR Art. 6(1)(b)) — the site cannot function without processing your IP.
  • Security & abuse prevention (GDPR Art. 6(1)(f), legitimate interest).
  • Pre-contractual contact (Art. 6(1)(b)) for messages you submit.

5. Sub-processors

  • Cloudflare, Inc. (US, SCCs in place) — CDN, DNS, DDoS protection, edge routing, Turnstile. Data may transit Cloudflare PoPs worldwide. [policy ↗]
  • DigitalOcean LLC (EU region) — origin VPS for API endpoints and mail server.
  • Westart Mail (self-hosted, EU) — outbound delivery of form submissions to the data controller.

6. Retention

Server access logs are kept for up to 30 days, then automatically rotated and deleted. Contact form messages are retained for up to 12 months, then deleted unless an active engagement requires longer storage. We do not store the IPs of regular visitors beyond the request lifecycle.

7. Your rights

Under GDPR (Arts. 15–22) you can:

  • Access the data we hold about you
  • Request rectification, erasure, restriction or portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where consent is the legal basis)
  • Lodge a complaint with your data protection authority (in Italy: Garante per la Protezione dei Dati Personali ↗)

To exercise any right, email [email protected]. We reply within 30 days, as required by Art. 12(3) GDPR.

8. Changes

We will update this page if our processing changes. The "Last updated" date below always reflects the most recent revision.

Last updated: 2026-05-18