[ PRIVACY POLICY ]
> cat /etc/westart/privacy.md
This privacy policy explains how westart.it processes data when you visit https://westart.it/. It complies with the EU General Data Protection Regulation (GDPR, Regulation 2016/679). Plain language has been preferred over legalese.
1. Who runs this site
Data controller: Marco Serritella, trading as Westart, Italy.
Contact: [email protected]
2. What we process
When you visit westart.it the following technical data is processed automatically:
- Your public IP address, as forwarded by Cloudflare
- Standard HTTP request headers (User-Agent, Accept-Language, Referer)
- Coarse geolocation derived from your IP by Cloudflare (city, region, country, timezone)
- Server access logs retained for at most 30 days for security and abuse mitigation
3. Cookies
westart.it uses only strictly necessary technical cookies set by our edge provider (Cloudflare) for security and load balancing. No consent is required under GDPR Article 6(1)(f) and the ePrivacy art. 5(3) exemption. We do not set marketing or analytics cookies.
4. Legal basis & purpose
- Service delivery (GDPR Art. 6(1)(b)) — the site cannot function without processing your IP.
- Security & abuse prevention (GDPR Art. 6(1)(f), legitimate interest).
5. Sub-processors
- Cloudflare, Inc. (US, SCCs in place) — CDN, DNS, DDoS protection, edge routing, Turnstile. Data may transit Cloudflare PoPs worldwide. [policy ↗]
- DigitalOcean LLC (EU region) — origin VPS for API endpoints and mail server.
6. Retention
Server access logs are kept for up to 30 days, then automatically rotated and deleted. We do not store the IPs of regular visitors beyond the request lifecycle.
7. Your rights
Under GDPR (Arts. 15–22) you can:
- Access the data we hold about you
- Request rectification, erasure, restriction or portability
- Object to processing based on legitimate interest
- Withdraw consent at any time (where consent is the legal basis)
- Lodge a complaint with your data protection authority (in Italy: Garante per la Protezione dei Dati Personali ↗)
To exercise any right, email [email protected]. We reply within 30 days, as required by Art. 12(3) GDPR.
8. Changes
We will update this page if our processing changes. The "Last updated" date below always reflects the most recent revision.
Last updated: 2026-05-18