Privacy Policy

Last updated: January 2025

This Privacy Policy describes how BlackTrails, operated by [Your Name/Business Name], with registered office in Italy (P.IVA: [Your VAT Number]), processes personal data as Data Controller in accordance with EU Regulation 2016/679 (GDPR).


1. Data Controller

Data Controller: [Your Name/Business Name]
Address: [Your Address]
Email: privacy@blacktrails.it
Website: blacktrails.it


2. Types of Data Collected

2.1 Account Information

When you register, we collect:

  • Full name
  • Email address
  • Password (never stored in plaintext; only a hash produced with an industry-standard algorithm is kept, see section 7)
  • Profile preferences

2.2 AI Chat Data

When you use our AI assistant, we collect:

  • Chat messages: Content of your conversations with the AI
  • Safety logs: Messages flagged by our content moderation system
  • Error logs: Technical errors and violation attempts
  • Timestamps: Date and time of interactions

Storage details:

  • Chat messages are stored in our primary database
  • Safety violations are logged in a dedicated ai_errors table
  • Only the first 500 characters of a flagged message are stored, to limit the amount of data retained

2.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Access timestamps
  • Pages visited

2.4 Cookies

We use the following types of cookies:

  • Essential cookies: Required for platform functionality (authentication, session management)
  • Analytics cookies (optional): To understand usage patterns and improve services

For detailed information, see our Cookie Policy.


3. Purpose of Processing

We process your data for the following purposes:

3.1 Service Provision (Legal basis: Contract execution)

  • Create and manage your account
  • Provide access to documentation and community features
  • Enable AI chat functionality
  • Technical support

3.2 Platform Safety (Legal basis: Legitimate interest)

  • Detect and prevent content policy violations
  • Monitor AI chat for prohibited content (hate speech, explicit material, spam)
  • Log violation attempts for security analysis
  • Prevent abuse and protect other users

3.3 Service Improvement (Legal basis: Legitimate interest)

  • Analyze usage patterns to improve AI responses
  • Identify bugs and technical issues
  • Develop new features aligned with user needs

3.4 Legal Compliance (Legal basis: Legal obligation)

  • Respond to legal requests from authorities
  • Comply with Italian and EU regulations
  • Maintain audit trails for security incidents

4. Third-Party Services and Data Sharing

We use the following external services that may process your data:

4.1 Infrastructure Providers

  • Vercel (hosting): Deploys and hosts our platform (USA/EU data centers)
  • Neon Database (PostgreSQL): Stores user accounts, chats, and safety logs (AWS infrastructure, EU region)

4.2 AI Services

  • Google Gemini API: Processes chat messages to generate AI responses
    • Messages are sent to Google's servers for processing
    • Google's data processing terms: ai.google.dev/terms
    • We use Gemini 2.5 Flash model
    • Google does not use your data to train models without consent

4.3 Analytics (if enabled)

  • [Your analytics provider]: Tracks anonymous usage statistics
    • You can opt out via cookie preferences

4.4 No Data Sales

We never sell your personal data to third parties.


5. Data Retention

5.1 Account Data

  • Retained while your account is active
  • Deleted within 30 days of account deletion request

5.2 AI Chat History

  • Regular chats: Retained indefinitely unless you delete them manually
  • Deleted chats: Permanently removed within 7 days

5.3 Safety Logs (ai_errors table)

  • Retention period: 90 days from creation
  • Automatic deletion: Old logs are purged quarterly
  • Purpose: Security analysis and trend detection

5.4 Technical Logs

  • IP addresses and access logs: 30 days
  • Error logs (server-side): 90 days

6. International Data Transfers

Some of our service providers operate servers outside the European Economic Area (EEA):

  • Vercel: USA-based with EU data centers (Standard Contractual Clauses)
  • Neon Database: AWS EU region (Frankfurt); data stays in the EU
  • Google Gemini: USA-based (Standard Contractual Clauses per Google Cloud terms)

All transfers comply with GDPR requirements through adequacy decisions or appropriate safeguards.


7. Data Security

We implement the following security measures:

  • Encryption and hashing: HTTPS (TLS) for all connections; passwords stored only as bcrypt hashes
  • Access controls: Role-based permissions, admin-only access to safety logs
  • Database security: Neon PostgreSQL with connection pooling and IP restrictions
  • Monitoring: Real-time alerts for suspicious activity
  • Backups: Automated daily backups with 7-day retention

Despite these measures, no system is 100% secure. We encourage users to choose strong passwords and enable two-factor authentication (if available).


8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

Request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete data.

8.3 Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

Request deletion of your data, except where retention is required by law.

8.4 Right to Restriction (Art. 18 GDPR)

Limit processing of your data in certain circumstances.

8.5 Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format (JSON export available).

8.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interest (e.g., analytics).

8.7 Right to Withdraw Consent (Art. 7 GDPR)

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

If you believe we've violated GDPR, you can file a complaint with:


9. How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@blacktrails.it
Subject line: "GDPR Request - [Your Right]"
Include: Your account email and specific request

We will respond within 30 days (as required by GDPR).


10. Children's Privacy

BlackTrails is not intended for users under 16 years old.
If we discover that a minor has created an account, we will delete it immediately and notify the email address provided.

Parents/guardians who believe their child has provided data without consent should contact us immediately.


11. AI-Specific Privacy Considerations

11.1 What We Log

  • Normal usage: Chat messages, timestamps, user preferences
  • Policy violations: Flagged messages (first 500 chars), error type, timestamp
  • Purpose: Safety, abuse prevention, service improvement

11.2 What We Don't Log

  • Passwords (only bcrypt hashes are stored, never the password itself)
  • Payment information (if applicable in future)
  • Private messages between users (unless reported)

11.3 AI Training

Your chat data is not used to train Google's models unless you explicitly opt in to a research program (currently not available).


12. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in services or features
  • New legal requirements
  • Improvements to data protection practices

Notification method:

  • Material changes: Email notification + banner on the platform
  • Minor updates: Published on this page with updated date

Continued use after changes constitutes acceptance. If you disagree, you may delete your account.


13. Contact Us

For privacy-related questions or concerns:

Email: privacy@blacktrails.it
General inquiries: info@blacktrails.it
Data Protection Officer (if applicable): [DPO contact or "Not required for this organization size"]


Effective Date: January 15, 2025
Version: 1.1


[Your Name/Business Name]: Francesco Pelosio, P.IVA: 14037001006
Address: Largo Pietro Mascagni 20, Roma, Italy
