Privacy and Cookie Policy are available in English only. For translations contact [email protected].
Last updated: June 2026 — drafted in accordance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.
The data controller for omniachart.com and app.omniachart.com is Davide Bondavalli, Italy. For any privacy-related request, contact [email protected].
Full legal entity details (registered business name, VAT number, registered address) will be published here upon incorporation, expected during Q3 2026.
| Purpose | Legal basis |
|---|---|
| Provide and maintain the charting service to registered users | art. 6(1)(b) — performance of contract |
| Process subscription payments | art. 6(1)(b) — performance of contract |
| Send transactional/service emails (e.g. password reset, billing receipts) | art. 6(1)(b) — performance of contract |
| Newsletter and purchased-guide delivery | art. 6(1)(a) — explicit consent (collected at signup/purchase) |
| Security logging, fraud prevention, anti-abuse | art. 6(1)(f) — legitimate interest (security of the service) |
| Analytics & performance measurement (Google Analytics 4) | art. 6(1)(a) — consent via cookie banner |
| Compliance with legal obligations (e.g. tax records for purchases) | art. 6(1)(c) — legal obligation |
We rely on the following sub-processors to operate the service. Each is bound by a Data Processing Agreement and processes data only on our instructions.
| Provider | Purpose | Region | Data shared |
|---|---|---|---|
| Cloudflare (Pages, Workers, CDN, KV) | Website, blog hosting, edge cache, request routing | Global edge (EU PoPs prioritised for EU users) | IP, user-agent, request metadata |
| Stripe | Payment processing for subscriptions and guides | USA (with EU-US Data Privacy Framework + SCCs) | Email, billing details, card data (never seen by us) |
| Resend | Transactional email delivery | EU | Email address, message content |
| Anthropic (Claude API) | Server-side blog article generation | USA (Standard Contractual Clauses) | No personal user data — only article prompts |
| Google Analytics 4 | Analytics (only after consent) | EU collection, US transfer under DPF + SCCs | IP (anonymised), event metadata, pseudonymous client ID |
| Telegram | Internal admin notifications about new blog posts | Global | No user data — only operational alerts |
| Iubenda | Cookie banner and consent record | EU | Consent metadata (timestamp, scope) |
| Google Fonts (policy) | Loading of Inter and JetBrains Mono webfonts from fonts.googleapis.com / fonts.gstatic.com | USA (EU-US DPF + SCCs) | IP, user-agent (when the browser requests the font file) |
| jsDelivr (policy) | Open-source CDN serving PokéAPI sprite images in the homepage constellation | Global edge (operated by Prospect One sp. z o.o., EU) | IP, user-agent |
| CoinGecko (policy) | Crypto asset icons (coin-images.coingecko.com) on homepage and blog cards | Singapore / Global edge | IP, user-agent |
| Iconify (policy) | On-demand icon SVGs (api.iconify.design) — Material Design, Noto, Twemoji | Global edge (Cloudflare-backed) | IP, user-agent |
| FlagCDN (policy) | Country flag images (flagcdn.com) used in the language switcher | Global edge | IP, user-agent |
| Clearbit Logo API (policy) | Brand logos for asset tags on homepage (logo.clearbit.com) | USA (SCCs) | IP, user-agent, queried brand domain |
| PokemonTCG.io (policy) | Pokémon card images (images.pokemontcg.io) in homepage and blog content | USA | IP, user-agent |
| YGOProDeck (policy) | Yu-Gi-Oh! card images (images.ygoprodeck.com) in homepage content | USA | IP, user-agent |
| Scryfall (policy) | Magic: The Gathering card data API (api.scryfall.com) | USA | IP, user-agent |
| YouTube / Google (policy) | Product demo video embed (when activated) | USA (EU-US DPF + SCCs) | IP, user-agent, watch interaction; cookies blocked until consent |
For the image and font CDNs above, the only data the provider sees is the standard HTTP request metadata (your IP address and user-agent) that any browser sends when loading a resource. None of these embeds set cross-site tracking cookies in our usage pattern.
We do not sell personal data and do not share it with third parties for marketing purposes.
Some sub-processors (Stripe, Anthropic, Google) may transfer data to the United States. Such transfers are protected by either the EU-US Data Privacy Framework (where the provider is self-certified) or Standard Contractual Clauses approved by the European Commission, providing safeguards equivalent to GDPR.
You have the right to:
To exercise any right, email [email protected]. We respond within 30 days (extendable to 90 in complex cases, with notice).
OmniaChart uses essential cookies for authentication and session management, plus optional analytics cookies (Google Analytics 4) loaded only after consent via the cookie banner. Full details — including provider, duration, and purpose — are in our Cookie Policy. You can change your preferences at any time via the "Preferenze cookie" link in the footer.
We apply technical and organisational measures appropriate to the risk: TLS 1.2+ for all traffic, bcrypt-hashed passwords, restricted access to production systems, regular dependency updates. No method is 100% secure; in the event of a personal data breach affecting your rights, we will notify the supervisory authority within 72 hours and, where required, you directly.
OmniaChart is not directed at minors under 16. We do not knowingly collect data from children. If you believe a minor has provided us with personal data, contact [email protected] and we will delete it.
We may update this policy to reflect changes in our service or in applicable law. The "Last updated" date at the top is authoritative; substantive changes will be notified via email to registered users or via banner on the site.
Privacy questions and rights requests: [email protected]
For complaints, you may also contact the Italian Garante Privacy at garanteprivacy.it.