Privacy Policy for Civilbox

Last Updated: June 16, 2025

1. Introduction

Welcome to Civilbox ("we", "us", or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, civilbox.xyz (the "Service").

2. Data Controller

Domenico Gaudioso is the data controller responsible for your personal data. If you have any questions about this policy or our privacy practices, please contact us at: [email protected].

3. Data We Collect

We collect the following personal data:

• Identity Data: Your full name.
• Contact Data: Your email address.
• Authentication Data: Your password (which is always stored in a hashed, unreadable format).
• Technical and Usage Data: We may collect anonymous data about how you use our website through analytics services, as detailed in our Cookie Policy. This includes which services you use and events you trigger.

4. How We Use Your Data and Legal Basis

We use your data for the following purposes, relying on the specified legal basis:

• To create your account and provide you with access to our services. (Legal Basis: Performance of a contract with you).
• To authenticate you and maintain the security of your account and our services. (Legal Basis: Legitimate interest).
• To manage our relationship with you, including notifying you about changes to our terms or privacy policy. (Legal Basis: Performance of a contract, Legal obligation).
• To improve our website, services, and user experience through anonymized analytics. (Legal Basis: Your explicit consent, obtained via our cookie banner).

5. Data Sharing and Disclosure

We do not sell your personal data. We may share it with the following third parties:

• Google Analytics: To analyze website traffic and usage, but only if you provide consent. Your IP address is anonymized.

6. Data Retention

We will only retain your personal data for as long as your account is active or as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7. Your Legal Rights

Under data protection law, you have rights including:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete data.
• Right to Erasure: You can request that we delete your personal data.
• Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain circumstances.
• Right to Object: You can object to our processing of your data where we are relying on a legitimate interest.

To exercise these rights, please contact us at [email protected]. We are working on providing self-service tools on your profile page to make this even easier.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. All traffic is encrypted via HTTPS, and we use secure, httpOnly cookies for authentication.