Privacy Policy

Last updated: July 11, 2025

This Privacy Policy describes how Cathedral srls ("we", "us", or "our") collects, uses, and protects your personal information when you use hexaDAO platform available at https://hexadao.io (the "Service"). This policy is compliant with the General Data Protection Regulation (GDPR) and Italian privacy laws.

1. Data Controller

Cathedral srls
Website: https://hexadao.io
Email: dm@hexadao.io
Address: Via Tiziano 397 - 25124 Brescia (BS)
VAT Number: 03939260984

2. What Information We Collect

2.1 Information You Provide

Account information (if you create an account)
Contact information when you communicate with us
Any other information you voluntarily provide

2.2 Information We Collect Automatically

Based on our technical implementation, we collect the following data automatically:

Data Type	Purpose	Legal Basis	Retention Period
Session Identifiers	Maintain your session and ensure platform functionality	Legitimate Interest	Session duration
User Analytics Data	Improve platform performance and user experience	Legitimate Interest	30 days
Platform KPIs	Monitor platform health and performance	Legitimate Interest	30 days
Usage Rankings	Analyze platform usage patterns	Legitimate Interest	30 days
Cookie Preferences	Remember your consent choices	Consent	1 year

3. Legal Basis for Processing

Under GDPR, we process your data based on:

Legitimate Interest: To operate and improve our platform
Consent: For cookies and analytics (where required)
Contract: To provide services you request
Legal Obligation: To comply with applicable laws

4. How We Use Your Information

We use the collected information for the following purposes:

Provide, maintain, and improve our services
Analyze platform usage and performance
Ensure platform security and prevent fraud
Communicate with you about the service
Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

Service Providers: With trusted third parties who assist us in operating our platform
Legal Requirements: When required by law or to protect our rights
Business Transfers: In case of merger, acquisition, or asset sale

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments
Access controls and authentication
Employee training on data protection

7. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Request limitation of processing
Right to Data Portability: Request transfer of your data
Right to Object: Object to processing of your data
Right to Withdraw Consent: Withdraw consent at any time
Right to Lodge a Complaint: File a complaint with supervisory authority

To exercise these rights, please contact us using the information provided below.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

Session Data: Deleted when session ends
Analytics Data: Retained for 30 days
Cookie Preferences: Retained for 1 year
Account Data: Retained while account is active

9. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure adequate protection through:

Adequacy decisions by the European Commission
Standard contractual clauses
Other appropriate safeguards

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Policy. You can control cookies through your browser settings and our cookie consent banner.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we may provide additional notice.

13. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Cathedral srls
Email: [Please add your contact email]
Website: https://hexadao.io
Address: [Please add your Italian address]

14. Supervisory Authority

Italian Data Protection Authority (Garante per la protezione dei dati personali):
Website: https://www.garanteprivacy.it
Email: garante@gpdp.it
Address: Piazza Venezia, 11 - 00187 Roma

This Privacy Policy is designed to be compliant with GDPR and Italian privacy regulations. Please ensure you review and customize the contact information and any specific details relevant to your platform's data processing activities.