Privacy Policy
Last updated: April 12, 2026
This policy describes how Eriga collects, uses and protects personal data of service users, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian legislation.
1. Data controller
The data controller is Eriga.
Email: privacy@eriga.app
2. Data collected
Data provided by the user
- Registration data: name, email address
- Billing data: company name, VAT number, address (managed by Stripe)
- Data entered in the service: resources, obligations, certificates and attachments uploaded by the user
Automatically collected data
- Technical data: IP address, browser type, operating system
- Usage data: pages visited, features used, access timestamps
3. Purposes of processing
| Purpose | Legal basis |
|---|---|
| Service delivery | Contract performance |
| Payment management | Contract performance |
| Service communications | Legitimate interest |
| Service improvement | Legitimate interest |
| Legal obligations | Legal obligation |
4. Data sharing
Personal data is shared only with third-party subprocessors necessary to deliver the Service. The full, up-to-date list — with role and processing region for each one — is available on the Subprocessors page.
We do not sell or share personal data with third parties for marketing or profiling purposes.
5. Data transfers
Data is hosted on servers located in the European Union. We do not transfer data to non-EU countries, except where necessary for the subprocessors indicated (with adequate contractual guarantees under Art. 46 GDPR).
6. Data retention
- Account data: retained for the duration of the contractual relationship
- Data entered in the service: deleted within 30 days of account closure
- Billing data: retained for 10 years as required by law
- Technical logs: retained for a maximum of 90 days
7. Security
We adopt appropriate technical and organizational measures:
- Encryption of data in transit (TLS) and at rest
- Data isolation per organization (multi-tenancy)
- Role-based access control
- Automatic encrypted backups
- ISO 27001 and ISO 9001 certifications
8. User rights
In compliance with the GDPR, users have the right to:
- Access — obtain a copy of their personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of data
- Portability — receive data in a structured format
- Objection — object to processing based on legitimate interest
- Restriction — restrict processing in certain cases
To exercise these rights: privacy@eriga.app
Users also have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it).
9. Cookies
The site uses only technical cookies necessary for the operation of the service. We do not use profiling cookies or third-party cookies for advertising purposes.
10. Changes to this privacy policy
Any changes will be published on this page with an updated revision date. For substantial changes, we will send a notification via email.
11. Contact
For questions about this policy:
privacy@eriga.app