Privacy Policy
MacroCade — AI Financial Intelligence Platform Operated by PK - Project Key Solutions S.r.l. P.IVA IT15538561000 — Registered in Italy
Effective Date: 22 March 2026 Last Updated: 22 March 2026
1. Introduction
PK - Project Key Solutions S.r.l. (hereinafter "MacroCade," "the Company," "we," "us," or "our") is committed to protecting the personal data of all individuals who interact with the MacroCade platform (macrocade.com) and its associated services.
This Privacy Policy is issued pursuant to and in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, "GDPR"), Italian Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018 (the Italian Privacy Code), and any other applicable data protection legislation.
This document explains what personal data we collect, why we collect it, how we use it, with whom we share it, and what rights you have in relation to your personal data.
2. Data Controller
The Data Controller for personal data processed in connection with the Service is:
PK - Project Key Solutions S.r.l. P.IVA: IT15538561000 Country of Registration: Italy Privacy Contact Email: privacy@macrocade.com Legal/DPO Contact Email: dpo@macrocade.com
If you have any questions about this Privacy Policy or about the processing of your personal data, please contact us at privacy@macrocade.com.
3. Data Protection Officer (DPO)
Where required by applicable law, MacroCade has designated a Data Protection Officer. You may contact the DPO at:
Email: dpo@macrocade.com
The DPO is available to assist with inquiries related to your rights under the GDPR, questions about data processing activities, and concerns regarding compliance with applicable data protection law.
4. Personal Data We Collect
We collect the following categories of personal data:
4.1 Account Data
Collected when you register for an account or subscribe to a paid plan:
- Full name (first and last name)
- Email address
- Subscription plan type (Free, Freemium, Personal, Enterprise)
- Account creation date and last login date
- Billing contact information (name, billing address) — processed by our payment provider, Stripe
4.2 Usage Data
Collected automatically as you interact with the Service:
- Scenario queries submitted (for paid users who submit custom scenarios)
- Scenarios accessed or saved
- Filters and parameters applied during scenario searches
- Features and pages visited
- Session duration and frequency of use
- Interactions with AI-generated content (e.g., saves, exports)
4.3 Technical Data
Collected automatically by our systems and third-party infrastructure providers:
- IP address
- Browser type and version
- Operating system and device type
- Referring URLs
- Timestamps of access
- Error logs and diagnostic data
- Cookie identifiers (see our Cookie Policy for details)
4.4 Communications Data
If you contact us via email or support channels:
- Content of your message
- Your email address and any other contact information you provide
- Support ticket history
4.5 Payment Data
Payment transactions are processed entirely by Stripe, Inc. MacroCade does not collect, store, or process full payment card numbers, CVVs, or bank account details. We receive only limited payment confirmation data from Stripe (e.g., transaction ID, last four digits of card, subscription status).
5. Legal Basis for Processing
We process your personal data on the following legal bases pursuant to Article 6 of the GDPR:
| Processing Activity | Legal Basis | Article 6 Reference |
|---|---|---|
| Creating and managing your user account | Performance of a contract (Terms of Service) | Art. 6(1)(b) |
| Processing subscription payments | Performance of a contract | Art. 6(1)(b) |
| Delivering AI-generated scenario analyses | Performance of a contract | Art. 6(1)(b) |
| Sending transactional emails (account confirmations, billing receipts) | Performance of a contract | Art. 6(1)(b) |
| Ensuring platform security and preventing fraud | Legitimate interest of the Company | Art. 6(1)(f) |
| Analyzing platform usage for quality improvement and product development | Legitimate interest of the Company | Art. 6(1)(f) |
| Compliance with legal obligations (tax, accounting, regulatory) | Legal obligation | Art. 6(1)(c) |
| Sending marketing communications and newsletters | Consent (freely given, specific, informed, and withdrawable) | Art. 6(1)(a) |
| Analytics via Google Analytics | Consent (obtained via cookie banner) | Art. 6(1)(a) |
| Retention of records for dispute resolution | Legitimate interest of the Company | Art. 6(1)(f) |
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Where processing is based on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
6. Purposes of Processing
We use your personal data for the following purposes:
6.1 Service Delivery
To create and maintain your account, authenticate your identity, process subscription payments, deliver AI-generated scenario analyses, and provide all features and functionalities of the Service to which you have subscribed.
6.2 Customer Support
To respond to your inquiries, troubleshoot issues, and provide technical assistance.
6.3 Platform Security and Fraud Prevention
To detect, investigate, and prevent unauthorized access, abuse, fraud, or other security incidents affecting the Service or its users.
6.4 Product Improvement and Analytics
To analyze usage patterns, measure feature performance, identify areas for improvement, and develop new features and services. Analytics data is used in aggregated or pseudonymized form wherever possible.
6.5 Marketing Communications
With your prior express consent, to send you information about new features, updates, promotions, or other content that may be of interest to you. You may withdraw your consent at any time by clicking the "unsubscribe" link in any marketing email or by contacting privacy@macrocade.com.
6.6 Legal Compliance
To comply with applicable legal and regulatory obligations, including tax and accounting requirements under Italian law, and to respond to lawful requests from competent authorities.
6.7 Dispute Resolution
To establish, exercise, or defend legal claims.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.
| Category of Data | Retention Period |
|---|---|
| Account data (active accounts) | Duration of the account plus 24 months after deletion request |
| Usage and technical data | 24 months from collection |
| Payment and billing records | 10 years (mandatory under Italian tax law) |
| Communications and support records | 36 months from closure of the relevant support case |
| Marketing consent records | Duration of consent plus 24 months after withdrawal |
| Cookie and analytics data | As specified in our Cookie Policy |
Following the expiry of the applicable retention period, personal data is securely deleted or anonymized such that it can no longer be attributed to an identified or identifiable natural person.
8. Third-Party Service Providers and Data Processors
We share personal data with carefully selected third-party service providers who act as data processors on our behalf, bound by contractual obligations to process personal data only on our documented instructions, in compliance with the GDPR.
8.1 Stripe, Inc.
Purpose: Payment processing and subscription management Data Shared: Billing name, email address, billing address, payment card details (processed directly by Stripe) Headquarters: United States Safeguards: Standard Contractual Clauses (SCCs); Stripe is also certified under the EU-U.S. Data Privacy Framework (DPF) Stripe Privacy Policy: https://stripe.com/privacy
8.2 Supabase, Inc.
Purpose: Cloud database hosting, user authentication, and data storage Data Shared: Account data, usage data, scenario data Headquarters: United States (infrastructure optionally in EU regions) Safeguards: Standard Contractual Clauses (SCCs); data stored in EU-region infrastructure where available Supabase Privacy Policy: https://supabase.com/privacy
8.3 Vercel, Inc.
Purpose: Web application hosting and content delivery Data Shared: Technical data (IP addresses, browser data) via server logs Headquarters: United States (CDN infrastructure globally distributed) Safeguards: Standard Contractual Clauses (SCCs) Vercel Privacy Policy: https://vercel.com/legal/privacy-policy
8.4 Google LLC (Google Analytics)
Purpose: Web analytics, user behavior analysis, and platform performance measurement Data Shared: Usage data, technical data, pseudonymous identifiers via cookies Headquarters: United States Safeguards: Standard Contractual Clauses (SCCs); Google Analytics configured with IP anonymization Legal Basis: Consent (via cookie banner) Google Privacy Policy: https://policies.google.com/privacy
8.5 Anthropic, PBC
Purpose: AI language model processing to generate scenario analyses Data Shared: Content of scenario queries submitted by users (Personal and Enterprise plan users) Headquarters: United States Safeguards: Standard Contractual Clauses (SCCs); data processing agreement in place Anthropic Privacy Policy: https://www.anthropic.com/privacy
Important note regarding Anthropic: Scenario queries submitted by users may be processed through Anthropic's API. MacroCade maintains a data processing agreement with Anthropic that restricts the use of such data to the purpose of generating requested outputs. MacroCade does not authorize Anthropic to use submitted query content for the purpose of training its AI models, subject to Anthropic's applicable API use policies.
9. International Transfers of Personal Data
As detailed in Section 8, some of our third-party service providers are headquartered or operate infrastructure in countries outside the European Economic Area (EEA), including the United States.
Where personal data is transferred to third countries, we ensure that appropriate safeguards are in place to protect your data, as required by Chapter V of the GDPR. The safeguards we rely upon include:
- Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR;
- Adequacy Decisions of the European Commission where applicable;
- The EU-U.S. Data Privacy Framework (DPF) where the recipient is a certified participant.
You may obtain a copy of the applicable safeguards by contacting privacy@macrocade.com.
10. Your Rights as a Data Subject
Under the GDPR, you have the following rights in relation to your personal data:
10.1 Right of Access (Article 15 GDPR)
You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with information about how it is processed.
10.2 Right to Rectification (Article 16 GDPR)
You have the right to request the correction of inaccurate personal data or the completion of incomplete personal data.
10.3 Right to Erasure ("Right to be Forgotten") (Article 17 GDPR)
You have the right to request the deletion of your personal data where: the data is no longer necessary for the purposes for which it was collected; you withdraw consent and there is no other legal basis for processing; you object to processing and there are no overriding legitimate grounds; or the data has been unlawfully processed. This right is subject to exceptions, including legal retention obligations.
10.4 Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible, where processing is based on consent or on a contract.
10.5 Right to Object (Article 21 GDPR)
You have the right to object at any time to the processing of your personal data where processing is based on legitimate interest, including objecting to profiling based on legitimate interest. You also have the right to object to processing for direct marketing purposes at any time.
10.6 Right to Restriction of Processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have disputed.
10.7 Rights Related to Automated Decision-Making (Article 22 GDPR)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you. MacroCade does not currently engage in fully automated decision-making with legal or similarly significant effects. The AI analyses provided are informational outputs and do not constitute automated decisions in the GDPR sense.
10.8 Right to Withdraw Consent (Article 7(3) GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
10.9 How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
Email: privacy@macrocade.com
We will respond to your request within 30 days of receipt. In complex or numerous cases, we may extend this period by a further two months, in which case we will inform you of the extension within the initial 30-day period.
We may request that you verify your identity before processing your request.
10.10 Right to Lodge a Complaint
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In Italy, the competent supervisory authority is:
Garante per la Protezione dei Dati Personali (Garante Privacy) Website: www.garanteprivacy.it Email: garante@gpdp.it Phone: +39 06 696771
You may also lodge a complaint with the supervisory authority of your country of habitual residence or place of work within the EU.
11. Data Security
MacroCade implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:
- Encryption of data in transit (TLS/HTTPS) and at rest;
- Access controls and authentication mechanisms;
- Regular security assessments and monitoring;
- Vendor security due diligence;
- Incident response and breach notification procedures.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the GDPR.
12. Children's Data
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete that data.
13. Cookies
We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use, their purposes, and how you can manage your cookie preferences, please refer to our Cookie Policy, available at macrocade.com/legal/cookie-policy.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or the structure of our business. Material changes will be communicated to registered users by email at least 14 days before the effective date of the change. The date of the latest revision is always indicated at the top of this document.
Your continued use of the Service following the effective date of any changes constitutes your acknowledgment of the updated Privacy Policy.
15. Contact
For all privacy-related inquiries, requests, or concerns:
PK - Project Key Solutions S.r.l. Privacy contact: privacy@macrocade.com DPO contact: dpo@macrocade.com General: legal@macrocade.com