Privacy Policy

How we handle your data. GDPR compliant. Last updated: March 2026.

1. Data Controller

Tepilora S.R.L., Corso di Porta Ticinese 60, 20123 Milano, Italy. VAT: IT11553700961. We are the data controller under EU Regulation 2016/679 (GDPR).

Contact: privacy@tepiloradata.com

2. What We Collect

Account information — Name and email address provided during registration.

Payment information — Processed entirely by Stripe. We never store card numbers or banking details.

API usage data — Endpoints called, timestamps, IP addresses, and response codes for service monitoring and rate limiting.

Analytics queries — Tickers searched and functions used, to improve the service.

Session data — Login times, device type, and browser information for security purposes.

3. Legal Bases (GDPR)

Contract performance — Account management, subscription handling, and API access provision.

Legitimate interest — Service improvement, usage analytics, and security monitoring.

Consent — Marketing communications (optional, withdrawable at any time).

4. Third-Party Processors

Stripe (payments) — US-based, EU-US Data Privacy Framework certified.

Hetzner (hosting) — Germany, fully GDPR compliant. All data stored in the EU.

Google Fonts (typography) — CDN font loading. No personal data collected.

5. Data Retention

Account data — Retained while your account is active, plus 30 days after deletion request.

API logs — 90 days.

Payment records — 10 years (Italian tax law requirement).

Analytics queries — 30 days.

6. Your Rights (GDPR)

Under GDPR, you have the right to: access, rectification, erasure, data portability, restriction of processing, and objection. You can withdraw consent at any time.

To exercise any right, contact privacy@tepiloradata.com. We will respond within 30 days.

You may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

7. International Transfers

Your data is primarily stored in the EU (Hetzner, Germany). Payment data is processed by Stripe under the EU-US Data Privacy Framework. No data is transferred to countries without adequate protection.

8. Security Measures

We implement TLS 1.3 encryption, AES-256 at rest, rate limiting, and infrastructure hardening. For full details, see our Security page.