Privacy Policy

1. Data Controller

The data controller for Erodea Hub is Eordea, contactable at massimo@eordea.it.

2. Data We Collect

2.1 Account Data

When you register, we collect:

• Username
• Email address
• Display name (optional)
• Password (stored hashed, never in plain text)

2.2 Synced User Data

When platforms sync user data through our API, we store:

• External user ID, username, email, nickname
• Account type, verification status
• Newsletter preference

We never store or process passwords from external platforms.

2.3 Technical Data

We automatically collect:

• IP addresses (for security and rate limiting)
• Request logs (endpoint, method, response code, timestamp)
• User agent strings

2.4 Cookie Data

See our Cookie Policy for details on cookies used.

3. How We Use Your Data

We process your data for:

• Service operation: Account authentication, API key management, platform synchronization
• Security: IP filtering, exploit detection, abuse prevention
• Communications: Service notifications, newsletters (opt-in only)
• Analytics: Aggregate usage statistics for service improvement

4. Legal Basis (GDPR Art. 6)

• Contract performance: Processing necessary to provide the Service (Art. 6(1)(b))
• Legitimate interests: Security, fraud prevention, service improvement (Art. 6(1)(f))
• Consent: Newsletter communications, optional features (Art. 6(1)(a))

5. Data Sharing

We do not sell, trade, or rent your personal data. Data may be shared with:

• Platform partners: Only the data they sync through our API, as authorized by you
• Service providers: Hosting (server infrastructure), email delivery (Google Gmail API)
• Legal authorities: When required by law or valid legal process

6. Data Retention

• Account data: Retained while your account is active; deleted within 30 days of account closure
• Request logs: Retained for 90 days for security analysis
• Banned IPs: Retained until ban expiry or manual removal
• Newsletter logs: Retained for 1 year

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data ("right to be forgotten")
• Restriction — Limit how we process your data
• Portability — Receive your data in a machine-readable format
• Objection — Object to processing based on legitimate interests
• Withdraw consent — Withdraw any previously given consent

To exercise these rights, contact massimo@eordea.it.

8. Data Security

We implement appropriate technical and organizational measures:

• TLS/SSL encryption for all data in transit
• Bcrypt hashing for passwords
• SHA-256 hashing for API keys
• CSRF protection on all forms
• Automatic IP banning for suspicious activity
• Rate limiting to prevent abuse

9. International Transfers

Data is stored and processed on servers located in Italy. If data is transferred outside the EEA, appropriate safeguards will be in place (Standard Contractual Clauses or adequacy decisions).

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes

We may update this policy periodically. Changes will be posted on this page with an updated date.

12. Contact

For privacy-related inquiries:

• Email: massimo@eordea.it
• Website: hub.eordea.it