Privacy Policy

1. Data controller

The data controller is Alessandro Fortunato, owner of the BYFE project.

For privacy-related requests, exercising your rights, or data management inquiries, you may use the contact form available on this site.

2. Personal data we process

We may process the following categories of personal data.

Data you provide voluntarily

When you submit a request via a form, we may collect:

• first and last name, if provided;
• email address;
• role, organization, or area of interest, if provided;
• the content of your message;
• any information you freely include in your beta access request.

Please do not submit sensitive data or information that is not necessary to evaluate your request.

Technical browsing data

While you browse the site, technical data may be processed as needed for proper operation, security, and maintenance, including:

• technical information generated by your connection;
• browser, device, and operating system data;
• technical logs and information required to protect infrastructure.

Aggregated analytics data

We use analytics tools to understand general site usage and to improve content, UX, and performance.

Such data is processed in aggregated form and is not used for advertising profiling.

3. Purposes of processing

Personal data is processed for the following purposes:

1. managing Private Research Beta access requests;
2. responding to information requests submitted via forms;
3. evaluating applications against the project's private research phase;
4. sending operational communications related to the beta, where applicable;
5. ensuring technical operation, security, and maintenance of the site;
6. analyzing aggregated site usage to improve content, user experience, and performance;
7. complying with legal obligations or requests from competent authorities.

4. Legal basis

Processing is based on the following legal grounds:

• pre-contractual measures or responding to your request, to handle applications, beta access requests, and related communications;
• legitimate interests of the controller, to ensure security, abuse prevention, technical maintenance, site improvement, and non-invasive aggregated analytics;
• consent, where required, for communications not strictly tied to your initial request or for tracking tools that require it;
• legal obligation, where processing is necessary to comply with applicable law.

5. Providing your data

Providing data via forms is voluntary.

However, failure to provide necessary data—such as a valid email address or the content of your request—may prevent us from evaluating your application or responding to you.

6. How we process data

Data is processed using electronic and telematic means, with reasonable technical and organizational measures to protect against unauthorized access, loss, misuse, or unauthorized disclosure.

Access is limited to authorized persons and technical providers necessary to deliver the service.

7. Service providers

We use third-party providers that may process personal data on our behalf or as part of the technical services they provide.

Supabase

Supabase may be used for database, authentication, storage, or beta request management, depending on active project features.

Resend

Resend may be used to send transactional email or operational communications related to beta access requests.

Vercel

Vercel is used for hosting, deployment, web infrastructure, and site performance.

Vercel Analytics

Vercel Analytics collects aggregated usage statistics such as pages visited, traffic, and general performance.

These insights are used to understand overall site use and to improve content, UX, and performance.

We do not currently use advertising trackers or marketing profiling tools.

8. Transfers outside the EEA

Some technical providers used by BYFE may be located or operate infrastructure outside the European Economic Area, including the United States or other countries.

Where required, transfers rely on appropriate safeguards under applicable law, such as Data Processing Addenda, Standard Contractual Clauses, or other recognized mechanisms.

9. Data retention

Data submitted through a beta access request is retained for as long as needed to evaluate the application, manage communications, and organize beta access.

Unless further retention is required, beta application data is kept for up to 24 months from submission, or for a shorter period if you request deletion and no conflicting legal obligations or legitimate interests apply.

Technical and security logs are retained only as long as necessary for operation, security, and maintenance, in line with our providers' policies.

Analytics data is processed in aggregated form and is not used to directly identify you.

10. Email communications

We may use the email address you provide to respond to your request, communicate the outcome of a beta application, send operational project information, or request further details.

We do not use your email for newsletters or unsolicited promotional communications unless you give specific consent or another legal basis applies.

11. Your rights

Subject to applicable law, you may exercise the following rights:

• access to your personal data;
• rectification of inaccurate data;
• erasure of your data;
• restriction of processing;
• objection to processing;
• data portability, where applicable;
• withdrawal of consent, where processing is based on consent.

To exercise your privacy rights, you may use the contact form available on this site.

12. Complaint to a supervisory authority

You have the right to lodge a complaint with the competent supervisory authority, including the Italian Data Protection Authority (Garante per la protezione dei dati personali), in accordance with applicable law.

13. Changes to this Privacy Policy

We may update this Privacy Policy to reflect technical, legal, or organizational changes to the project.

The updated version will be published on this page with the date of last update.