Skip to main content
MacroCadeMacroCade
← Back to Legal

Privacy Policy

Operated by PK - Project Key Solutions S.r.l. — P.IVA IT15538561000

Last updated: March 2026

1. Introduction

PK - Project Key Solutions S.r.l. (“MacroCade”) is committed to protecting the personal data of all individuals who interact with the MacroCade platform and its associated services.

This Privacy Policy is issued in compliance with Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018 (the Italian Privacy Code), and any other applicable data protection legislation.

Data Controller: PK - Project Key Solutions S.r.l.
Privacy contact: privacy@macrocade.com
DPO: dpo@macrocade.com

2. Personal Data We Collect

We collect the following categories of personal data:

  • Account Data: full name, email address, subscription plan type, account creation and login dates, billing contact information (processed by Stripe).
  • Usage Data: scenario queries submitted, scenarios accessed or saved, filters applied, session duration and frequency of use.
  • Technical Data: IP address, browser type and version, operating system, referring URLs, timestamps of access, error logs.
  • Communications Data: content of support messages, email address, support ticket history.
  • Payment Data: processed entirely by Stripe. MacroCade does not store full card numbers, CVVs, or bank account details.

3. Legal Basis for Processing

We process personal data on the following legal bases under Article 6 GDPR:

  • Performance of a contract — account management, payment processing, and service delivery.
  • Legitimate interest — platform security, fraud prevention, and product improvement.
  • Legal obligation — compliance with Italian tax and regulatory requirements.
  • Consent — marketing communications and analytics cookies (freely given and withdrawable at any time).

4. Third-Party Service Providers

We share personal data with carefully selected processors, bound by GDPR-compliant data processing agreements:

  • Stripe, Inc. — payment processing (US, SCCs + DPF certified).
  • Supabase, Inc. — cloud database and authentication (US, SCCs, EU-region infrastructure available).
  • Vercel, Inc. — web hosting and CDN (US, SCCs).
  • Google LLC — analytics via Google Analytics 4 (US, SCCs + DPF certified, IP anonymization enabled).
  • Anthropic, PBC — AI language model processing for scenario analyses (US, SCCs, DPA in place, no training use of query data).

5. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Access (Art. 15) — obtain a copy of your data and information about how it is processed.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion of your data where legally applicable.
  • Data Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Object (Art. 21) — object to processing based on legitimate interest or for direct marketing.
  • Restriction (Art. 18) — request limited processing in certain circumstances.
  • Withdraw Consent (Art. 7(3)) — withdraw consent for consent-based processing at any time.

To exercise any of these rights, contact privacy@macrocade.com. We will respond within 30 days. You also have the right to lodge a complaint with the Italian supervisory authority: Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

6. Data Retention and Security

Personal data is retained only for as long as necessary: account data for up to 24 months after deletion, payment and billing records for 10 years as required by Italian tax law.

MacroCade implements appropriate technical and organizational security measures including TLS encryption in transit and at rest, access controls, regular security assessments, and incident response procedures compliant with Article 34 GDPR.