Privacy and Cookie Policy for Caseoowl

1. Introduction

This Privacy and Cookie Policy explains how Caseoowl ("we," "us," or "our") collects, uses, and protects your personal information. This policy applies to all users of our web application and complies with:

• The General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• The California Online Privacy Protection Act (CalOPPA)
• Italian and EU data protection laws

Data Controller:
Caseoowl
Email: info@caseoowl.com

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

• Contact Information: Email address, first name, last name, phone number
• Address Information: Street address, city, state/province, ZIP/postal code
• Social Media Information: Profile information when you connect via Facebook, Google, Twitter, GitHub, or Microsoft
• Payment Information: Payment transaction details (processed by Stripe and PayPal)
• Usage Data: Information collected through cookies and analytics (see Section 5)

2.2 How We Collect Information

We collect information:

• Directly from you when you register, make purchases, or contact us
• Automatically through cookies and tracking technologies
• From third-party services when you use social login features

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our services
• Communication: To send transactional emails and, with your consent, marketing communications
• Payment Processing: To process transactions through Stripe and PayPal
• Analytics: To understand user behavior through Google Analytics and Lucky Orange
• Advertising: To display relevant ads through Google AdSense and remarketing campaigns
• Security: To protect against fraud and abuse using reCAPTCHA
• Legal Compliance: To comply with applicable laws and regulations

Legal Bases for Processing (GDPR)

We process your personal data based on:

• Consent: For marketing emails and non-essential cookies
• Contractual Necessity: To provide our services
• Legitimate Interests: For analytics, security, and service improvement
• Legal Obligation: To comply with applicable laws

4. Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services.

4.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary)

These cookies are necessary for the website to function and cannot be disabled:

• Session authentication cookies
• Security cookies (reCAPTCHA)

Analytics Cookies

• Google Analytics: Tracks user behavior and website performance
• Lucky Orange: Session recording and heatmap analytics to understand user interactions
• These cookies help us understand how visitors interact with our website

Advertising Cookies

• Google AdSense: Displays relevant advertisements
• Google Ads Remarketing: Shows targeted ads based on your previous visits

Third-Party Cookies

We use the following third-party services that may set cookies:

• Google Analytics
• Lucky Orange
• Google AdSense
• Google Ads (AdWords)
• Facebook (social login)
• Google (social login)
• Twitter (social login)
• GitHub (social login)
• Microsoft (social login)
• Stripe (payment processing)
• PayPal (payment processing)

4.3 Cookie Duration

• Session Cookies: Deleted when you close your browser
• Persistent Cookies: Remain until expiration or manual deletion (typically 1-24 months)

4.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Opt-Out Tools:
  • Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Lucky Orange: https://privacy.luckyorange.com/
  • Google Ads Settings: https://adssettings.google.com/
  • Network Advertising Initiative: http://www.networkadvertising.org/choices/

Note: Disabling essential cookies may affect website functionality.

5. Information Sharing and Disclosure

We share your information with:

Service Providers

• AWS: Email delivery services
• Stripe and PayPal: Payment processing
• Google: Analytics, advertising, and social login
• Facebook, Twitter, GitHub, Microsoft: Social login services

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes
• Protect our rights and property
• Prevent fraud or security issues
• Protect user safety

We do not sell your personal information to third parties.

6. Your Privacy Rights

6.1 GDPR Rights (EU/EEA Users)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications at any time
• Lodge a Complaint: File a complaint with your local data protection authority (Garante per la protezione dei dati personali in Italy)

6.2 CCPA/CPRA Rights (California Residents)

You have the right to:

• Know: What personal information we collect, use, and share
• Access: Request copies of your personal information
• Delete: Request deletion of your personal information
• Correct: Request correction of inaccurate information (CPRA)
• Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
• Limit: Limit the use of sensitive personal information
• Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Shine the Light: California residents can request information about data shared with third parties for marketing purposes once per year.

6.3 CalOPPA Rights

Consistent with CalOPPA:

• We clearly describe our privacy practices
• Users can visit our site anonymously
• This policy is linked on our homepage and accessible pages
• We notify users of policy changes on this page
• Users can change personal information by contacting us

6.4 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry standard for compliance. We honor opt-out preferences through cookie settings and the mechanisms described above.

6.5 Exercising Your Rights

To exercise any of these rights, contact us at: info@caseoowl.com

We will respond within:

• GDPR: 30 days (extendable by 60 days in complex cases)
• CCPA/CPRA: 45 days (extendable by 45 days)

7. Data Retention

We retain your personal information:

• For as long as your account is active
• As necessary to provide our services
• To comply with legal obligations (typically 7-10 years for financial records)
• To resolve disputes and enforce agreements

You may request deletion at any time, subject to legal retention requirements.

8. International Data Transfers

We are based in Italy. Your information may be transferred to and processed in countries outside the EU/EEA, including the United States (AWS, Google, Stripe). We ensure appropriate safeguards through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Service providers' compliance with applicable frameworks

9. Children's Privacy

Our services are not directed to children under 16 (or 13 in the US). We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately at info@caseoowl.com.

10. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (SSL/TLS)
• Regular security assessments
• Access controls and authentication
• reCAPTCHA for spam and abuse prevention

However, no method of transmission is 100% secure. We cannot guarantee absolute security.

11. Email Communications

Transactional Emails

We send necessary emails about your account and transactions using AWS.

Marketing Emails

With your consent, we send promotional emails. You can:

• Opt-out using the unsubscribe link in any email
• Contact us at info@caseoowl.com to update preferences

12. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance.

For material changes affecting GDPR rights, we will provide prominent notice or request renewed consent where required.

13. Contact Us

For questions, concerns, or to exercise your rights:

Email: info@caseoowl.com

EU Data Protection Authority (Italy):
Garante per la protezione dei dati personali
Website: https://www.garanteprivacy.it/