Privacy Policy for Authored
Authored by Roberto Tucci
Privacy Policy
Version 1.0 • Last Updated: April 2026
Authored Technology s.r.l. — Via Emilia Parmense 129, 29122, Piacenza, Italy
- Data Controller
The Data Controller for personal data processed through the Authored platform is:
Authored Technology s.r.l.
Via Emilia Parmense 129, 29122, Piacenza, Italy
Email: privacy@authored.tech
DPO: dpo@authored.tech
- Controller vs. Processor Roles
2.1 Authored as Data Controller (B2C)
Authored Technology s.r.l. acts as Data Controller for all personal data collected directly from individual users: account data, billing data, biometric behavioural data and technical data.
2.2 Authored as Data Processor (B2B)
Where a Business Customer accesses the platform via API or SSO and transmits personal data relating to its employees, clients or third parties, the Business Customer acts as Data Controller and Authored acts as Data Processor under a separate Data Processing Agreement (DPA).
- Categories of Personal Data Processed
Category | Type of Data | Required
Account Data | Full name, email, profile picture (Google OAuth), company name (B2B) | Mandatory
Financial Data | Billing address, VAT number, payment history. Credit card data processed exclusively by Stripe (PCI-DSS Level 1) — never stored by Authored. | Mandatory for billing
Biometric Behavioural Data (Art. 4(14) GDPR) | Keystroke timing metadata: dwell time, flight time, aggregate session statistics. Textual content is NEVER collected. | Requires explicit consent (Art. 9(2)(a))
Technical & Usage Data | IP address, browser type, device info, access and activity logs | Legitimate interest
Session Data | Session ID, timestamps, keystroke event counters, aggregate statistics | Mandatory for the Service
ZERO-KNOWLEDGE TEXT ARCHITECTURE: The textual content typed by the user is NEVER transmitted to, stored on, or analysed by Authored's servers. This is a structural technical guarantee (Privacy by Design, Art. 25 GDPR).
- Biometric Data — Processing Under Art. 9 GDPR
Keystroke dynamics metadata constitutes biometric data within Art. 4(14) GDPR. Authored processes such data exclusively on the basis of EXPLICIT CONSENT (Art. 9(2)(a) GDPR).
Starting from the fifth certified session, Authored builds a Biometric Behavioural Profile for each user — a statistical vector stored in pseudonymised form. The Profile does NOT allow reconstruction of textual content. Users may withdraw consent at any time via Settings > Privacy. Upon withdrawal, the Profile will be permanently deleted within 60 days.
- Purposes and Legal Basis
Purpose | Data | Legal Basis
Certification Service | Account, Session, Biometric | Art. 6(1)(b) + Art. 9(2)(a)
Billing & Tax | Financial | Art. 6(1)(b) + Art. 6(1)(c)
AI Model Improvement | Anonymised data only | Art. 6(1)(f)
Service Communications | Email | Art. 6(1)(b)
Marketing (opt-in only) | Email | Art. 6(1)(a)
- Automated Decision-Making (Art. 22)
The authenticity score is a probabilistic assessment. It does NOT automatically produce decisions with legal or similarly significant effects. Human oversight is required.
- Sub-Processors
Sub-Processor | Service | Location | Safeguard
Google Cloud Platform | Cloud infrastructure, databases, AI models | EU — Frankfurt | BCR / SCCs
Stripe Inc. | Payment processing, billing | USA | DPF + SCCs
Google LLC (OAuth) | Authentication | USA/EU | DPF + SCCs
Cloud Memorystore (Redis) | Session caching, rate limiting | EU — Frankfurt | Google BCR
Full list: /sub-processors
- International Transfers (Art. 44–49)
Data is primarily stored in the EU (Google Cloud, Frankfurt). Transfers to the USA are protected by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).
- Data Retention
Category | Retention
Account & Session Data | Active subscription + 30 days
Financial Data & Invoices | 10 years (legal obligation)
Biometric Profile | Active account + 60 days after withdrawal
Security Logs | Up to 24 months
Typed Text | NEVER stored
- Security Measures (Art. 32)
Encryption in transit (TLS 1.2+) and at rest
Pseudonymisation of biometric profiles
Zero-Knowledge text architecture
Role-based access control
Structured logging of all operations
DPIA conducted for biometric processing
- California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to: know what personal information we collect, request deletion, request correction, opt-out of sale/sharing (Authored does NOT sell personal information), and non-discrimination. Contact: privacy@authored.tech.
- Your Rights (Art. 15–22)
Right | Article | How to Exercise
Access | Art. 15 | Email or Settings
Rectification | Art. 16 | Email or Settings
Erasure | Art. 17 | Email or "Delete Account"
Restriction | Art. 18 | Email
Portability | Art. 20 | Email (CSV/JSON)
Object | Art. 21 | Email
Withdraw Consent | Art. 7(3) | Settings > Privacy
Lodge Complaint | Art. 77 | Your local DPA or Garante (Italy)
- Minors
The Service is not directed to individuals under 18. We do not knowingly collect data from children.
- Contact
Email: privacy@authored.tech
DPO: dpo@authored.tech
Lead supervisory authority: Garante per la Protezione dei Dati Personali (Italy) — www.garanteprivacy.it
LEGAL DISCLAIMER: This document is prepared for Authored Technology s.r.l. based on the GDPR and applicable law. Prior to final publication, review by a qualified attorney specialising in data protection and technology law is strongly recommended.