Privacy Policy

1. Introduction

Welcome to Agenzia in Cloud. This Privacy Policy describes how we collect, use, share, and protect your personal data when you use our SaaS platform for real estate agency management.

Agenzia in Cloud is committed to protecting user privacy and ensuring compliance with the European Union's General Data Protection Regulation (GDPR).

2. Data Controller

Svmedia di Simone Viagi
Address: Via 4 Novembre 2, 07100 Sassari, Sardinia, Italy
Phone: +39 349 321 6319
Email: info@svmedia.it
PEC: svmedia@pcert.postecert.it

3. Personal Data We Collect

3.1 Account Data

Registration information: email, password (encrypted), first name, last name, phone number
Organization information: company name, address, VAT number, tax data
Profile image: user avatar (optional)

3.2 CRM Client Data

If you use our CRM system, we collect and process on your behalf:

Client personal data (name, surname, email, phone)
Addresses and residence data
Tax codes and VAT numbers
Property preferences and budget
Notes and communications

3.3 Property Data

Property information (address, features, price)
Property photos and videos
Associated documentation

3.4 Usage Data

Browser and device information
IP address and approximate location data
Pages visited and features used
Access logs and platform activity

3.5 Payment Data

Billing information
Transaction history
Note: Credit card data is managed exclusively by Stripe, our PCI DSS certified payment service provider. We do not directly store credit card data on our servers.

4. Purpose of Processing

4.1 Service Provision

User account management and authentication
Platform functionality delivery
CRM, property, appointment, and contract management
Agency website creation and management
Affiliate and commission system

4.2 Communications

Transactional emails (confirmations, notifications, appointment reminders)
Service communications and important updates
Technical support and customer assistance
Newsletter (only with explicit consent)

4.3 Service Improvement

Usage analysis to improve user experience
New feature development
Technical issue resolution
Fraud prevention and security

4.4 Legal Compliance

Fulfillment of accounting and tax obligations
Response to requests from competent authorities
Protection of rights in legal proceedings

5. Legal Basis for Processing

Contract execution: to provide requested services
Consent: for newsletters and marketing communications
Legitimate interest: to improve service and prevent fraud
Legal obligation: for tax and regulatory compliance

6. Data Sharing with Third Parties

6.1 Service Providers

We share data only with trusted providers bound by confidentiality agreements:

Stripe: payment processing (PCI DSS certified)
Hosting providers: secure data storage in EU data centers
Email services: transactional communications
Analytics services: anonymized usage statistics

6.2 No Selling

We never sell your personal data to third parties for advertising or marketing purposes.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

Session cookies: to maintain authentication
Security cookies: CSRF protection

7.2 Affiliate Cookies

Affiliate tracking: 30-day duration, for proper commission attribution

7.3 Analytics Cookies (optional)

Anonymous usage statistics (only with consent)

You can manage cookies in your browser settings.

8. Data Security

8.1 Technical Measures

Encryption: SSL/TLS for all communications
Passwords: hashed with modern algorithms (bcrypt)
Database: PostgreSQL with limited access and authentication
Backups: automated daily encrypted backups

8.2 Organizational Measures

Data access limited to authorized personnel only
Staff training on data protection
Incident response procedures
Regular security audits

9. Data Retention

Active accounts: for the duration of the service
Deleted accounts: 30 days to allow recovery, then permanent deletion
Tax data: 10 years for regulatory compliance
System logs: 12 months

10. Your Rights (GDPR)

10.1 Right of Access

You can request a copy of your personal data in electronic format.

10.2 Right to Rectification

You can correct your data directly from the platform or by contacting us.

10.3 Right to Erasure

You can request deletion of your account and all associated data.

10.4 Right to Portability

You can receive your data in structured, readable format (JSON, CSV).

10.5 Right to Object

You can object to processing for direct marketing purposes.

10.6 Right to Restriction

You can request restriction of processing in certain cases.

10.7 How to Exercise Rights

To exercise your rights, contact us at: info@svmedia.it
We will respond within 30 days of the request.

11. Extra-EU Data Transfer

Your data is stored exclusively in data centers located in the European Union. In case of extra-EU transfer (e.g., Stripe USA), we use adequate protection mechanisms such as Standard Contractual Clauses approved by the European Commission.

12. Minors

The platform is not intended for minors under 16 years. We do not knowingly collect data from minors. If we become aware of data from minors collected inadvertently, we will proceed with their immediate deletion.

13. Privacy Policy Changes

We reserve the right to update this policy. In case of substantial changes, we will inform you via email and/or with a notice on the platform. Continued use of the service after changes constitutes acceptance of the new policy.

14. Complaints

If you believe your rights have been violated, you can file a complaint with the supervisory authority:

Italian Data Protection Authority
Piazza Venezia, 11 - 00187 Rome, Italy
Tel: +39 06.696771
Email: garante@gpdp.it

15. Contact

For questions about this policy or data processing:

Email: info@svmedia.it
Phone: +39 349 321 6319
Support: info@agenziaincloud.it
PEC: svmedia@pcert.postecert.it

Last update: January 2026