Vai al contenuto principale
Cortileo

Privacy Policy

Last updated: March 13, 2026

1. Introduction

Cortileo ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at cortileo.com and our services, including the guidebook builder and template marketplace (the "Service").

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide

  • Account data: Name, email address, and password when you register (or profile information from Google if you sign in via Google OAuth).
  • Payment data: Billing information processed through Stripe. We do not store your full credit card details on our servers.
  • Guidebook content: Text, images, and configuration data you enter into the guidebook builder.
  • Communications: Messages you send to us via email at hello@cortileo.com.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, and interaction patterns within the Service.
  • Device data: Browser type, operating system, IP address, and device identifiers.
  • Cookies and similar technologies: See Section 5 below.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: Creating and managing your account, processing purchases, hosting your guidebooks, and delivering template bundles.
  • Communication: Sending transactional emails (purchase confirmations, password resets) and, with your consent, marketing emails about product updates and tips.
  • Improvement: Analyzing usage patterns to improve the Service, fix bugs, and develop new features.
  • Legal compliance: Meeting our legal obligations, including tax and accounting requirements.

The legal bases for processing under GDPR are: performance of a contract (providing the Service), legitimate interest (improving the Service and security), consent (marketing communications), and legal obligation (tax/accounting).

4. Third-Party Services

We share data with the following third-party processors, only as necessary to provide the Service:

  • Stripe — Payment processing. Stripe receives your billing and payment card information. See Stripe's Privacy Policy.
  • Google — OAuth authentication (if you sign in with Google). Google receives confirmation of your sign-in request. See Google's Privacy Policy.
  • Resend — Transactional and marketing email delivery. Resend processes your email address and message content. See Resend's Privacy Policy.
  • Vercel — Hosting and infrastructure. Vercel processes request data (IP addresses, headers) as part of serving the application. See Vercel's Privacy Policy.
  • Neon — Database hosting. Your account and guidebook data is stored on Neon's infrastructure. See Neon's Privacy Policy.

We do not sell your personal data to any third party.

5. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and core functionality (e.g., session tokens). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the site. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

  • Account and guidebook data is deleted within 30 days.
  • Payment records are retained for up to 7 years as required by tax and accounting regulations.
  • Anonymized usage data may be retained indefinitely for analytical purposes.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit the processing of your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest or for direct marketing.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@cortileo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS).
  • Encryption of data at rest in our database.
  • Secure password hashing (bcrypt).
  • Access controls limiting who can access personal data within our systems.

9. International Data Transfers

Some of our third-party processors operate outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For any privacy-related questions or to exercise your data rights, contact us at:

Cortileo
Email: hello@cortileo.com

See also our Terms of Service.