Privacy Policy

Your privacy and data protection are fundamental rights. This Privacy Policy explains how we collect, use, protect, and handle your information when you use GemBoost.

Privacy Summary

Data Controller: Omar Pioselli, GemBoost Framework
Data We Collect: Payment information (via Stripe), optional newsletter emails, contact form messages
Third-Party Data: License validation handled by Keygen (we don't see hardware IDs)
Analytics: Privacy-friendly Vercel Analytics only (no cookies, no personal data)
Your Rights: Access, correction, deletion, and portability under GDPR/CCPA

1. Introduction and Contact Information

1.1 Data Controller

Omar Pioselli ("we", "us", "our") is the data controller responsible for your personal data when you use GemBoost. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws.

1.2 Privacy Contact

For all privacy-related inquiries, requests, or concerns, please contact us at:

  • Email: Contact Form
  • Subject Line: "Privacy Request - [Your Request Type]"
  • Response Time: We will respond within 72 hours for urgent matters, 30 days for general inquiries

1.3 Scope of This Policy

This Privacy Policy applies to:

  • GemBoost software installation and usage
  • License validation and activation processes
  • Our website at gemboost.org and related domains
  • All interactions with our services and support

2. Information We Collect

2.1 Data We Directly Collect

Information We Actually Collect

  • Payment Information: Collected and processed by Stripe (we see transaction confirmations, amounts, customer details)
  • Contact Form Messages: Name, email, and message content when you contact us via Web3Forms
  • Newsletter Subscriptions: Email addresses voluntarily provided for product updates (via OctopusMail)
  • Website Analytics: Privacy-friendly Vercel Analytics (no cookies, no personal identification)

2.2 Data Collected by Third Parties (Not Us)

License Validation (Handled by Keygen)

Important: We do NOT directly collect hardware identifiers. This is handled entirely by Keygen's license validation service.

  • Hardware Fingerprinting: Keygen creates device fingerprints for license validation
  • License Activation: Keygen manages license keys and device binding
  • We Don't See: Individual hardware IDs, device fingerprints, or technical system details
  • We Only See: Whether a license is valid/invalid and basic activation status

2.3 Data We Explicitly DO NOT Collect

What We Don't Track or Store

  • Personal Files: Code, project contents, or any files you work on
  • Usage Analytics: No behavioral tracking, session recordings, or detailed usage statistics
  • Browsing History: No tracking of your web activity outside our site
  • Hardware Details: No direct collection of system specifications or device IDs
  • Personal Data: No automatic collection of names, addresses, or personal information
  • Cookies: No tracking cookies, advertising cookies, or third-party analytics cookies

2.4 Minimal Website Technical Data

Our website collects only essential technical information:

  • Vercel Analytics: Privacy-first analytics with no cookies and no personal identification
  • Server Logs: Basic access logs for security and performance monitoring only
  • No Tracking Cookies: We don't use Google Analytics, Facebook Pixel, or similar tracking technologies
  • Contact Forms: Information you voluntarily provide when contacting support

2.4 Voluntary Information

You may choose to provide additional information when:

  • Contacting customer support
  • Reporting bugs or requesting features
  • Participating in surveys or feedback programs
  • Communicating with us via email or other channels

3. How We Use Information

3.1 Lawful Basis for Processing

We process your data based on the following legal grounds:

Contract Performance
  • License validation and activation
  • Preventing unauthorized software use
  • Providing customer support
  • Delivering software updates
Legitimate Interest
  • Protecting intellectual property rights
  • Fraud prevention and security
  • Improving software performance
  • Legal compliance and record-keeping

3.2 Specific Purposes

  • License Validation: Verify your right to use GemBoost software
  • Security: Prevent piracy, unauthorized access, and fraud
  • Support: Troubleshoot issues and provide technical assistance
  • Compliance: Meet legal obligations and maintain business records
  • Updates: Deliver software patches, security fixes, and improvements

3.3 Data Retention - Privacy-First Approach

Minimal Data Retention

Privacy-First Policy: We minimize data retention and delete your information immediately when no longer needed for license validation.

We retain your data for the following periods:

  • Hardware Identifiers: Only while your license remains active - automatically deleted upon license deactivation
  • Support Communications: 12 months after last contact for service quality
  • Website Logs: 6 months for security and performance analysis
  • Payment Records: As required by law for tax/accounting purposes only

Automatic Deletion: When you deactivate your license or uninstall GemBoost, all hardware identifiers are immediately purged from our systems.

4. Third-Party Services and Data Sharing

4.1 Payment Processing

We use Stripe for license sales and payment processing:

  • Stripe processes payment information according to their privacy policy
  • We receive purchase confirmations and license generation data
  • No payment card details are stored on our systems
  • View Stripe's privacy policy: stripe.com/privacy

4.2 License Validation Infrastructure

License validation is handled by Keygen, our trusted license management provider:

  • Keygen processes license validation according to their privacy policy
  • Secure HTTPS connections for all validation requests
  • Data encrypted in transit and at rest by Keygen's infrastructure
  • No direct server infrastructure operated by GemBoost
  • View Keygen's privacy policy: keygen.sh/privacy

4.3 Data Sharing Policy

We DO NOT sell, rent, or trade your data. We may share data only in these limited circumstances:

  • Legal Requirements: Court orders, subpoenas, or legal investigations
  • Service Providers: Trusted vendors who assist in providing our services
  • Business Transfers: In case of merger, acquisition, or sale of business assets
  • Protection: To protect our rights, property, or safety, or that of our users

4.4 International Data Transfers and Locations

Data Processing Locations

Payment Processing: Handled by Stripe (global infrastructure, GDPR compliant)

License Validation: Handled by Keygen (see their privacy policy for locations)

Website Hosting: Vercel (global CDN with EU data centers)

Direct Data Storage: We do not operate our own servers for personal data

Your data may be transferred to and processed in countries outside your residence:

  • All processing handled by GDPR-compliant third-party providers
  • Stripe and Keygen maintain adequate safeguards for international transfers
  • Standard Contractual Clauses (SCCs) implemented by service providers
  • You have the right to request information about specific transfer arrangements
  • Contact us via the Contact Form for detailed information about data locations

5. Data Security and Protection

5.1 Technical Safeguards

We implement industry-standard security measures to protect your data:

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Encrypted database storage
  • Secure key management systems

Access Controls

  • Multi-factor authentication required
  • Role-based access permissions
  • Regular access reviews and audits
  • Principle of least privilege

5.2 Organizational Measures

  • Staff Training: Regular privacy and security awareness programs
  • Incident Response: Documented procedures for security breaches
  • Vendor Management: Due diligence and security assessments
  • Regular Audits: Security reviews and vulnerability assessments

5.3 Data Breach Notification

In the event of a data security incident:

  • We will notify supervisory authorities within 72 hours if required
  • Affected users will be informed without undue delay
  • Clear information about the incident and our response will be provided
  • Measures to mitigate harm will be implemented immediately

5.4 Data Minimization

We follow the principle of data minimization:

  • Collect only data necessary for license validation
  • Process data for specified, explicit, and legitimate purposes
  • Retain data no longer than necessary
  • Regularly review and delete unnecessary information

6. Your Rights and Choices

6.1 Your Rights Under GDPR (EU Residents)

If you are an EU resident, you have the following rights:

Access Rights

  • Right to Access: Request copies of your personal data
  • Right to Information: Know how your data is processed
  • Data Portability: Receive your data in a structured format

Control Rights

  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Delete your personal data ("right to be forgotten")
  • Right to Restrict: Limit processing in certain circumstances

Objection Rights

  • Right to Object: Object to processing for legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent
  • Right to Complain: Lodge complaints with supervisory authorities

Legal Rights

  • No Automated Decisions: You won't be subject to automated decision-making
  • Supervisory Authority: Right to contact your local data protection authority
  • Judicial Remedies: Right to effective judicial remedies

6.2 Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

  1. Contact us at Contact Form
  2. Include your license key to help us identify your account
  3. Specify which right(s) you want to exercise
  4. We will respond within the required timeframe (usually 30 days)
  5. Identity verification may be required for security purposes

6.4 Limitations on Rights

Your rights may be limited when:

  • Exercise would adversely affect others' rights and freedoms
  • Data is required for legal compliance or defense of legal claims
  • Information is necessary for contract performance (license validation)
  • Data has been anonymized and cannot be re-identified

7. Cookies and Website Tracking

Our website uses minimal cookies:

Cookie Types

Essential Cookies

Required for website functionality, navigation, and security.

Duration: Session or 30 days

Functional Cookies

Remember your preferences and settings for improved experience.

Duration: 6 months

Analytics/Marketing Cookies

We DO NOT use analytics or marketing cookies.

Status: Not implemented

7.2 Tracking Disclosure

We DO NOT:

  • Use Google Analytics or similar tracking services
  • Implement social media tracking pixels
  • Employ behavioral advertising or profiling
  • Share data with advertising networks
  • Track users across multiple websites or devices

You can control cookies through:

  • Browser Settings: Block or delete cookies in your browser preferences
  • Website Preferences: Adjust cookie settings on our website
  • Third-Party Tools: Use privacy extensions and tools

7.4 Do Not Track

We respect "Do Not Track" browser signals and do not track users who enable this setting. Our website does not implement any tracking mechanisms that would override your DNT preferences.

8. Children's Privacy

8.1 Age Restrictions

GemBoost is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our software or provide any personal information.

8.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at Contact Form. We will promptly delete such information.

8.3 Special Protections

For users under 18:

  • Additional consent mechanisms may be required
  • Enhanced data protection measures apply
  • Parents/guardians may exercise rights on behalf of minors
  • Regular review of data necessity and proportionality

9. Updates to This Privacy Policy

9.1 Notification Process

We may update this Privacy Policy to reflect:

  • Changes in data protection laws and regulations
  • Updates to our services or business practices
  • Enhanced privacy protections or user rights
  • Feedback from users and privacy authorities

9.2 Material Changes

For significant changes to this policy:

  • We will provide 30 days advance notice via email when possible
  • In-software notifications will alert you to important updates
  • Website banners will highlight major policy revisions
  • Continued use constitutes acceptance of updated terms

9.3 Version Control

This policy is version-controlled with clear change logs. Previous versions are archived and available upon request for transparency and accountability.

10. Contact Information and Complaints

10.1 Supervisory Authority

Garante per la protezione dei dati personali

Competent authority: Garante per la protezione dei dati personali

Address: Piazza di Monte Citorio, 121 - 00186 Roma, Italia

Email: garante@gpdp.it

Phone: 06.696771

PEC: protocollo@pec.gpdp.it

Website: www.garanteprivacy.it

Users have the right to lodge a complaint with the Garante per la protezione dei dati personali if they believe that the processing of their personal data violates the General Data Protection Regulation (GDPR) or Italian privacy law.

Complaint Procedure

  • Complaints can be submitted free of charge
  • Assistance from a lawyer is not required
  • The Garante examines the complaint and may open investigations
  • Possible administrative sanctions for established violations
  • We recommend contacting us first (https://gemboost.dev/contact) for a direct resolution

Privacy Officer

Name: Omar Pioselli

Role: Data Protection Officer

Email: Contact Form

Response Time: 72 hours for urgent matters

Business Information

Company: GemBoost Framework

Website: gemboost.org

Support: Contact Form

Legal: Contact Form

10.1 Supervisory Authorities

You have the right to lodge complaints with relevant supervisory authorities:

  • EU Residents: Your local Data Protection Authority (DPA)
  • UK Residents: Information Commissioner's Office (ICO)
  • California Residents: California Attorney General's Office
  • Other Jurisdictions: Contact your local privacy regulator

10.2 Complaint Process

When filing a complaint with us:

  1. Provide detailed description of your privacy concern
  2. Include relevant dates, interactions, and documentation
  3. Specify the resolution you are seeking
  4. We will acknowledge receipt within 48 hours
  5. Investigation and response within 30 days
  6. Escalation procedures available if unsatisfied

Our Privacy Commitment

Privacy by Design: We build privacy protection into every aspect of GemBoost, collecting only what's necessary and protecting what we collect.

Your trust is essential to our business. We are committed to maintaining the highest standards of data protection and privacy compliance.

Effective Date: September 2, 2025 | Last Updated: September 2, 2025