Privacy Policy

In accordance with Regulation (EU) 2016/679 ("GDPR"), this notice describes how personal data of users visiting the website https://capedtech.com and its related subsections, including the page dedicated to TataHub, is processed.

1. Data Controller

The Data Controller is CapedTech, with address at Via Gioberti, 33010 Tavagnacco, Italy, contactable at the email address: privacy@capedtech.com.

2. Types of Data Processed

Navigation data and analytics

  • Technical information automatically transmitted by the browser (e.g., IP address, device type, browser, pages visited, request time, duration of visit), processed via Vercel Analytics for statistical purposes, security, and improvement of the user experience on the site.
  • This data is processed in aggregated or pseudonymized form and does not allow direct identification of the user.

    • Data provided voluntarily

  • Email address of the user who voluntarily subscribes to the TataHub waiting list through the subscription form on the site.
  • Any other data that the user voluntarily enters in contact forms, where present.

    • 3. Purposes and Legal Basis of Processing

    Personal data is processed for the following purposes:

    Functioning and security of the site

  • Purpose: to ensure the correct technical functioning of the site, the security of the infrastructure, the prevention of abuse or fraudulent activities, and the measurement of traffic and engagement.
  • Legal basis: legitimate interest of the Data Controller (art. 6, par. 1, letter f GDPR).
  • Data concerned: navigation data, IP, access logs.

    • Management of the waiting list and TataHub communications

  • Purpose: to manage the subscription to the TataHub waiting list, to send informational and promotional communications regarding the development of TataHub and related services (e.g., notifications of app availability, feature updates, beta testing invitations, commercial communications in line with TataHub services).
  • Legal basis: consent of the data subject (art. 6, par. 1, letter a GDPR). Subscription to the waiting list implies consent to receive email communications according to the purposes stated above.
  • Data concerned: email address, possibly date and time of subscription.

    • Compliance with legal obligations

  • Purpose: to fulfill obligations provided for by law, regulations, or authority requests.
  • Legal basis: legal obligation (art. 6, par. 1, letter c GDPR).

    • 4. Methods of Processing and Retention Times

    Personal data is processed with electronic and telematic tools in accordance with principles of fairness, lawfulness, transparency, and minimization.

    Navigation data and server logs

  • Retained for the time strictly necessary for technical and security purposes and analytics of the site.
  • Vercel, the hosting provider, manages its own logs according to standard retention policies; users are referred to the Vercel Privacy Policy for specific details.

    • Waiting list data (email)

  • Retained for up to 15 years from the last useful contact with the user (e.g., from the last click on an email communication, from the last subscription, or from the user's first declared contact), after which they will be automatically deleted.
  • If the TataHub app becomes available, the email addresses on the waiting list may be used for communications directly related to TataHub (e.g., notifications of availability on the Play Store, invitations to use the app, support communications, and marketing in line with TataHub services).
  • The user may request immediate deletion at any time via the opt-out link included in every email or by contacting the Data Controller.

    • 5. Communication and Transfer of Data

    Personal data may be processed, on behalf of the Data Controller, by external providers offering technical and communication services:

  • Brevo (Sendinblue SAS, French company): for the management of the waiting list and the sending of email communications. Brevo is appointed Data Processor pursuant to art. 28 GDPR.
  • Vercel (US company with global operations): for site hosting, deployment, and analytics. Vercel is appointed Data Processor pursuant to art. 28 GDPR.

    • These entities process data according to documented instructions of the Data Controller and in accordance with their terms of service. Both operate in compliance with GDPR.

    Transfers to countries outside the EU

    Brevo and Vercel may involve transfers of data to countries outside the European Economic Area (EEA), including the United States. The Data Controller undertakes to adopt the safeguards provided for by GDPR for such transfers (including, where applicable, adequacy decisions by the European Commission or standard contractual clauses). For further details, please refer to the privacy policies of Brevo and Vercel.

    Absence of public disclosure

    Data will not be disclosed to the public, sold, or transferred to third parties outside of what is described in this notice.

    6. Rights of Data Subjects

    As a data subject, the user may exercise at any time the rights provided for in articles 15–22 of the GDPR, including:

  • Right of access to personal data (art. 15);
  • Right to rectification or update of data (art. 16);
  • Right to erasure ("right to be forgotten") (art. 17);
  • Right to restriction of processing (art. 18);
  • Right to object to processing (art. 21);
  • Right to data portability, where applicable (art. 20);
  • Right to withdraw consent at any time without prejudice to the lawfulness of processing prior to withdrawal (art. 7);
  • Right not to be subject to a decision based solely on automated processing, including profiling (art. 22), where applicable.

    • To exercise these rights, users may contact the Data Controller at the email address privacy@capedtech.com, clearly specifying the right they wish to exercise and attaching a copy of a valid identity document.

    The Data Controller will respond to the request within 30 days of receipt, in accordance with GDPR requirements.

    Users also have the right to lodge a complaint with the Data Protection Authority (in Italy, the Garante per la protezione dei dati personali, www.garanteprivacy.it), or with the competent supervisory authority of the Member State of habitual residence, place of work, or place where the alleged infringement occurred, if they believe that the processing violates their rights.

    7. Cookies and Tracking Tools

    The site uses technical and session cookies necessary for the correct functioning and security of the site. These do not require specific consent as they are essential.

    Regarding profiling cookies or third-party analytics tools, an appropriate banner will be displayed to collect consent (where necessary) and a detailed cookie policy will be made available.

    Currently, the site collects analytical data through Vercel Analytics, which uses cookies and identifiers to measure engagement and improve UX; such data falls within the section "Navigation data and analytics" mentioned above.

    A complete cookie policy will be made available shortly in this section of the site.

    8. Data Security

    The Data Controller adopts appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, loss, or accidental destruction. Such measures include:

  • Use of HTTPS/TLS connections for secure data transmission;
  • Reliance on reputable providers (Vercel, Brevo) that implement international security standards;
  • Limitation of data access to authorized personnel only;
  • Adoption of logging and monitoring policies for anomaly detection.

    • 9. Updates to this Notice

    The Data Controller reserves the right to modify or update this privacy notice at any time, including in response to regulatory changes or the evolution of services offered through the site.

    The most recent version will always be available on this page, with indication of the date of last update.

    Last updated: January 12, 2026