Matteo Greco

CTO & Software engineer

Privacy Policy

Last updated:

1. Who we are

This website is operated by Matteo Greco (“we”, “us”, or “our”).

We care about your privacy and aim to collect and process as little personal data as possible.

If you have any questions about this policy or how we handle data, you can reach us at [email protected].

2. What data we collect and why

Website analytics

We use Umami, a privacy-focused analytics platform, to understand general trends such as which pages are most visited.

  • Umami is delivered via Cloudflare Zaraz.
  • It does not use cookies, local storage, or any identifiers.
  • No personal data is collected or stored.
  • Data is processed in aggregated form only.

Our legal basis under Article 6(1)(f) GDPR is our legitimate interest in maintaining and improving our website.

Contact and comment forms

When you send us a message or leave a comment, we collect:

  • Your first and last name
  • Your email address
  • The content of your message
  • Your consent to our privacy policy
  • Your consent to subscribing to our newsletter
  • Your IP address

This information is used only to reply to your request or to display your comment, to prove consent, and to prevent abuse.
Messages are stored securely in our WordPress database and sent via Postmark (transactional email service) to our Google Workspace inbox.
Postmark does not track email opens or clicks.

Data is kept only as long as necessary to respond to your inquiry.
(If you prefer, we can delete your message at any time — just ask.)

Our legal basis is Article 6(1)(b) GDPR (performance of a contract or pre-contractual steps) and Article 6(1)(f) (legitimate interest in communication).

Security and hosting

Our website is hosted on Hetzner (EU-based), and protected by Cloudflare for DNS, caching, and DDoS prevention.
Cloudflare may process minimal technical information (such as IP addresses) for security purposes.
This is covered under Article 6(1)(f) GDPR — legitimate interest in keeping our site secure and functional.

Cloudflare also provides Turnstile, a CAPTCHA alternative used on forms to block spam and abuse.
Turnstile sets a functional cookie (cf.turnstile.u) for this purpose only.
It does not track users for advertising or analytics.

3. Data location and transfers

We aim to keep all data within the European Union.
Where service providers (like Cloudflare or Postmark) operate internationally, data may transit through other regions, but always under GDPR-compliant safeguards such as the EU Standard Contractual Clauses (SCCs).

4. How long we keep data

  • Form submissions: kept only as long as needed to respond.
  • Comments: remain published until you request removal.
  • Analytics data: aggregated, non-personal, and not tied to individuals.

5. Your rights under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw consent (if ever applicable)
  • Lodge a complaint with the Garante per la protezione dei dati personali (Italy’s data protection authority)

To exercise any of these rights, just contact us at [email protected].

6. Changes

We may update this policy from time to time.
Any changes will be posted on this page with a new “last updated” date.