Legal & Privacy

Welcome to the official Privacy & Cookie Policy for the portfolio website of Mattia Capomagi. The purpose of this document is to clearly describe how I handle your personal data, ensuring full transparency and compliance with the General Data Protection Regulation (EU Regulation 2016/679 - "GDPR") and other applicable privacy laws.

I take your privacy seriously. This policy details the types of data I collect, why I collect it, how I protect it, and your rights regarding your personal information. By using this website, you acknowledge the practices described in this policy.

Note: This site is not intended for children under 14 years of age.

The Data Controller responsible for the processing of your personal data on this website is:

Mattia Capomagi (hereinafter referred to as "the Controller" or "I")
Email for Privacy Inquiries: mattia.capomagi@gmail.com

As the Data Controller, I determine the purposes and means of processing your personal data. You may contact me at any time regarding privacy concerns using the email address provided above.

I collect and process different types of personal data to provide and improve my services:

1. Navigation Data (server logs)

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This data includes:

• IP addresses or domain names of the computers used by users connecting to the site.
• URI (Uniform Resource Identifier) addresses of the requested resources.
• The time of the request.
• The method used to submit the request to the server.
• The size of the file obtained in response.
• The numerical code indicating the status of the response given by the server (successful, error, etc.).
• Other parameters relating to the user's operating system and IT environment.

2. Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of messages via the Contact Form or via email to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data inserted in the message (e.g., Name, Surname).

Newsletter Subscription: If you choose to subscribe to my newsletter, I collect your email address specifically to send you updates, news, and information about tools and projects.

I process your personal data based on specific legal grounds provided by the GDPR:

• Legitimate Interest (Art. 6(1)(f) GDPR): I process technical navigation data to ensure the correct functioning of the website, guarantee security, and prevent fraudulent activities.
• Performance of a Contract (Art. 6(1)(b) GDPR): I process data provided in the Contact Form to respond to your specific inquiries, requests for quotes, or collaboration proposals.
• Consent (Art. 6(1)(a) GDPR): I process data for analytics (Google Analytics) and newsletter marketing only with your explicit, free, and optional consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

I may share your data with trusted third-party service providers who act as Data Processors on my behalf. These providers have access to personal data needed to perform their functions but may not use it for other purposes. I ensure all processors comply with GDPR standards.

1. Hosting & Infrastructure

• Vercel Inc.
  Vercel provides the hosting infrastructure, Edge Network, and deployment services for this website. They may process your IP address and other usage data to deliver the content and ensure sitewide security. Vercel also provides "Speed Insights" to monitor performance.
  Read Vercel Privacy Policy
• GitHub Inc. (Code Repository)
  Purpose: Hosting of source code and version control.
  Read GitHub Privacy Policy

2. Analytics

• Google Analytics 4 (Google Ireland Limited)
  I use Google Analytics to analyze website traffic and user behavior. This service uses cookies to collect aggregated data on page views, session duration, and geographic location. I have configured IP anonymization where possible. This processing occurs only after your explicit consent.
  Read Google Privacy Policy

3. Email & Communication

• Resend Inc.
  I use Resend to manage my newsletter and deliver transactional emails (e.g., contact form confirmations). Your email address is stored securely on their servers. Resend tracks open rates and clicks to help me improve my communication.
  Read Resend Privacy Policy

What are cookies?
Cookies are small text files that the sites visited by the user send to their terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user.

Categories of Cookies I Use

• Technical/Essential Cookies: These are strictly necessary for the functioning of the website or to save your preferences (e.g., keeping track of your consent choice or dark mode setting). Under current regulations, these cookies do not require prior consent.
• Analytics Cookies: These are used to collect information, in aggregate/anonymous form, on the number of users and how they visit the site. I use Google Analytics cookies for this purpose. These are installed ONLY if you grant your consent via the cookie banner.

Managing Preferences

You can change your cookie preferences at any time by clearing your browser cache or using the "Cookie Settings" link in the footer (if available). Most modern browsers also allow you to block cookies via their settings menu.

Some of the third-party services I use (specifically Google Analytics, Vercel, and Resend) are based outside the European Economic Area (EEA), primarily in the United States.

I ensure that any transfer of data to countries outside the EEA takes place in accordance with the protections required by the GDPR. Specifically:

• Transfers to the USA are covered by the EU-US Data Privacy Framework (for certified companies) or by Standard Contractual Clauses (SCCs) approved by the European Commission, which guarantee a level of data protection essentially equivalent to that of the EU.

This website provides various interactive tools that generate digital content ("Artifacts"), such as images, processed code, or visual effects.

1. User Ownership of Artifacts

I broadly grant users ownership rights over the output they generate using my tools. You are free to use, download, copy, modify, distribute, and perform the generated Artifacts for both personal and commercial purposes without restriction from me.

2. Liability Waiver & Terms of Use

While you own the output, the tools themselves and the underlying code remain the intellectual property of Mattia Capomagi. Furthermore:

NO WARRANTY / LIMITATION OF LIABILITY: The Artifacts are generated "AS IS". The Data Controller (Mattia Capomagi) assumes no liability whatsoever for the content of the Artifacts, nor for any consequences arising from their use.

You are solely responsible for ensuring that your use of the generated Artifacts complies with all applicable laws, regulations, and third-party rights (including copyright and trademark laws). You agree to indemnify and hold harmless the Controller from any claims arising out of your use of the tools.

3. Attribution

Attribution is not legally required for the use of generated Artifacts. However, if you find value in my tools, crediting Mattia Capomagi with a link back to this website is greatly appreciated by the author.

As a data subject, the GDPR grants you specific rights regarding your personal data (Articles 15-22 GDPR). You have the right to obtain from the Controller confirmation as to whether or not personal data concerning you is being processed, and specifically:

• Right of Access: To know what data we hold about you and receive a copy.
• Right to Rectification: To correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): To request the deletion of your data where legally possible.
• Right to Restriction of Processing: To limit how we use your data in certain scenarios.
• Right to Data Portability: To receive your data in a structured, machine-readable format.
• Right to Object: To oppose the processing of your data for direct marketing or legitimate interest purposes.
• Right to Withdraw Consent: To revoke consent at any time without affecting prior lawful processing.

Additional Rights
In case of death, rights may be exercised by those with a legitimate interest (under Italian D.Lgs 101/2018).

How to Exercise Your Rights
You can exercise any of these rights by sending a written request to the Data Controller at mattia.capomagi@gmail.com. I will respond to your request within one month.

Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, specifically the Garante per la protezione dei dati personali in Italy.

Your personal data is retained only for the period strictly necessary to achieve the purposes for which it was collected:

• Analytics Data: Retained for 26 months, after which it is automatically deleted or anonymized.
• Contact Requests: Retained for the duration necessary to handle the request and for a maximum of 2 years thereafter for administrative record-keeping.
• Newsletter Data: Retained until you unsubscribe. Upon unsubscription, your email is removed from my mailing list immediately.
• Technical Cookies: Retained for the duration of the session or until expiration as defined by the browser.
• Server Logs: Retained for 30 days.