LEGAL

Privacy Policy

Last updated: June 2026 · Version: 1.0

Data Controller

DISINDEX S.R.L.
Via Renzo e Lucia 9, 20142 Milano (Italy)
P. IVA: 11611310969 · RI/REA: MI-2614128
Email: privacy@divamea.com

1. Categories of Data Processed

  1. Account data — Email, name, organization name, role (collected at registration).
  2. Knowledge base content — Documents uploaded by the tenant (PDF, DOCX, media, etc.), stored securely and processed for AI retrieval.
  3. Product catalog data — Product information imported or synced from e-commerce platforms.
  4. Conversation data — Chat messages between end-users and AI assistants.
  5. Biometric-adjacent data — Facial photos for skin analysis (only with explicit consent, anonymized before processing).
  6. Lead data — Name, email, phone, custom fields collected via widget lead capture forms.
  7. Technical data — IP addresses, browser info, language preferences (for widget localization).
  8. Billing data — Payment information processed by Stripe (Divamea does not store card details).

2. Legal Bases for Processing (GDPR Art. 6)

  • Consent — Skin analysis photos, lead capture forms.
  • Contractual necessity — Account management, service delivery.
  • Legitimate interest — Analytics, platform improvement, security.

3. Data Storage and Isolation

  • All tenant data is isolated using PostgreSQL Row-Level Security (RLS).
  • Documents stored in Google Cloud Storage with signed, time-limited access URLs.
  • Database hosted on Supabase infrastructure (EU region).
  • Application services run on Google Cloud Run (EU).

4. Third-Party Sub-Processors

Sub-processor | Purpose | Data Shared
Google Cloud (GCP) | Infrastructure, Cloud Run hosting, Cloud Storage | All data (encrypted at rest and in transit)
Supabase | Database hosting, Auth, Storage | All structured data
Third-party AI Providers | AI chat responses, vision analysis, embeddings | Conversation messages, document chunks, photos (per-request, not retained)
Stripe | Payment processing | Billing data only (email, subscription)
Telegram API | Channel messaging | Messages sent/received via Telegram bot

5. Data Retention

  • Account data: Retained while account is active, deleted upon request.
  • Conversation data: Soft-deleted on request; hard-deletion via GDPR erasure function.
  • Original skincare photos: 30-minute automatic TTL — auto-deleted via scheduled cleanup.
  • Anonymized skincare photos: Retained permanently (no identity data, only skin texture).
  • Photo access audit log: Retained indefinitely for compliance (never deleted, even during GDPR erasure).
  • Audit logs: Retained indefinitely for compliance purposes.

6. GDPR Data Deletion (Right to Erasure)

Our platform provides atomic data deletion capabilities:

  1. Soft-deletes the conversation record (tombstone preserved for audit).
  2. Hard-deletes all conversation messages (personal text content permanently removed).
  3. Hard-deletes retrieval events.
  4. Scrubs skincare session personal fields (analysis data, names, emails, allergy info, photo paths set to NULL).
  5. Returns photo storage paths for physical file purging.

Three deletion reasons are supported: tenant request, GDPR erasure, and admin action.

The photo access audit log is preserved even after deletion as an immutable compliance record.

7. Data Subject Rights (GDPR Art. 15–22)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing
  • Receive your data in a portable format (data portability)
  • Object to processing

Contact: privacy@divamea.com

8. Security Measures

  • Row-Level Security (RLS) on all tenant-scoped database tables (25+ tables)
  • HTTPS/TLS for all data in transit
  • Encrypted at rest (infrastructure-level encryption via Supabase/GCS)
  • Signed URLs with expiration for file access
  • Role-based access control (Owner, Admin, Member)
  • AI Shield Guardrails auto-prepended to prevent data leakage
  • Full audit logging of critical actions (insert-only, no edit/delete)
  • Photo anonymization for skin analysis
  • Photo 30-minute TTL with automatic cleanup
  • Immutable photo access audit log
  • Storage-level access control (private buckets)
  • Service role separation for admin operations

9. Cookies

  • Authentication session cookies (Supabase Auth)
  • Active tenant cookie (httpOnly, secure in production, sameSite: lax)
  • No third-party tracking cookies
  • No advertising cookies
  • No browser fingerprinting

10. Contact

For any privacy-related inquiries, please contact us at: privacy@divamea.com

DISINDEX S.R.L.
Via Renzo e Lucia 9, 20142 Milano (Italy)
P. IVA: 11611310969 · RI/REA: MI-2614128