This Privacy Policy describes how Authored ("we", "us", "our") collects, uses and protects personal data when you visit authored.tech (the "Site") or join our early-access waitlist. We are committed to a privacy-first, zero-knowledge architecture: we cannot capture what we never receive.
1. Data Controller
The data controller responsible for your personal data is:
Roberto TucciAuthored — authored.tech
Italy
Email: roberto.tucci@authored.tech
For any privacy-related question or to exercise your rights under the GDPR (Regulation (EU) 2016/679), please contact us at the email above. We respond within 30 days.
2. What Data We Collect
2.1 Waitlist email address
When you submit your email through the waitlist form, we store:
- Your email address (lowercased and trimmed)
- The timestamp of your submission
Legal basis: consent (Art. 6(1)(a) GDPR), provided explicitly when you submit the form.
Purpose: notify you when Authored launches and provide early-access information.
Retention: until you withdraw consent or for a maximum of 24 months from the launch date, whichever comes first.
Storage: MongoDB Atlas, EU-Frankfurt region (europe-west3).
2.2 Analytics data (consent-gated)
We use Google Analytics 4 with Consent Mode v2 to understand how visitors interact with the Site. No analytics data is sent until you explicitly grant consent through the cookie banner. When granted, we collect:
- Pseudonymous client identifier (cookie)
- Pages viewed and section visibility events
- Truncated/anonymized IP address
- Device type, browser, operating system
- Approximate location (country/region only)
Legal basis: consent (Art. 6(1)(a) GDPR), revocable at any time through the "Cookie Settings" link in the footer.
Purpose: measure Site usage and improve content.
Retention: 14 months (Google Analytics default).
Processor: Google Ireland Limited.
2.3 Behavioral biometric data (product, not Site)
The behavioral biometric capture described elsewhere on this Site refers to the future Authored product, not the marketing Site you are currently visiting. The Site itself does not capture keystroke dynamics, typing rhythm, or any behavioral biometric signal. When the product launches, a separate, more detailed privacy notice will govern that processing.
2.4 Server logs
Our hosting provider (Google Cloud Run, EU-Frankfurt region) automatically logs technical request data (IP address, user agent, timestamp, requested path, response status) for security and debugging purposes.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in maintaining Site security and availability.
Retention: 30 days, then automatically deleted.
3. How We Use Your Data
We use your personal data exclusively to:
- Notify you when Authored launches
- Send occasional product updates (only if you opted in)
- Measure aggregate Site usage (consent-gated)
- Detect and prevent abuse, fraud or security incidents
- Comply with legal obligations
We do not sell, rent or trade your personal data. We do not build advertising profiles. We do not share your data with third parties for marketing purposes.
4. Sub-processors
We rely on the following data processors, each bound by a Data Processing Agreement:
- Google Cloud Platform (Ireland) — Cloud Run hosting, EU-Frankfurt region
- MongoDB Atlas (Ireland) — waitlist email storage, EU region
- Google Analytics (Ireland) — Site analytics, only after consent
All processors are located within the European Economic Area or covered by Standard Contractual Clauses (SCCs) for international data transfers.
5. Cookies
The Site uses the following cookie categories:
- Strictly necessary: session cookie, consent state cookie. Always active, no consent required.
- Analytics: Google Analytics 4 cookies (_ga, _ga_*). Active only after explicit consent.
You can manage your preferences at any time through the "Cookie Settings" link in the Site footer.
6. Your Rights Under the GDPR
You have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccurate or incomplete data (Art. 16)
- Erase your data ("right to be forgotten", Art. 17)
- Restrict processing (Art. 18)
- Data portability in a structured, machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7)
To exercise any of these rights, contact us at roberto.tucci@authored.tech. We respond within 30 days.
7. Right to Lodge a Complaint
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Italian data protection authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it or with the supervisory authority of your country of residence within the European Union.
8. Data Security
We implement industry-standard technical and organizational measures to protect your data, including TLS/HTTPS for all communications, encryption at rest, principle of least privilege for access controls, and regular security reviews. Despite these measures, no system is 100% secure; if a data breach occurs and is likely to result in a high risk to your rights, we will notify you and the relevant supervisory authority within 72 hours, as required by Art. 33 and 34 GDPR.
9. Children's Privacy
The Site is not directed to children under 16. We do not knowingly collect data from minors. If you believe a child has submitted personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy occasionally to reflect changes in our practices or for legal reasons. The "Last updated" date at the top of this page indicates when the latest revision took effect. We will notify waitlist subscribers by email of material changes.