Privacy, Cookie & Legal Policy

A) Navigation Data and Hosting

The Site is hosted on the cloud infrastructure of Vercel Inc. (servers located in USA/EU). The computer systems responsible for the operation of the Site automatically acquire certain technical data (e.g., IP address, browser type, request time). These data are used exclusively for technical purposes (diagnostics, security, load balancing) and retained for the strictly necessary time provided by the hosting provider.

B) Appointment Booking Service

If you use the "Book a Call" function (/en/book-a-call), we collect the following data you voluntarily provide:

• Name and Surname: To identify you during the appointment.
• Email Address: To send you the confirmation and video call link.
• Optional Notes: Additional information about the reason for the call.

Processing: This data is processed to create an event on Google Calendar. The event may include a link to Google Meet. Data is visible only to the Controller and, limited to technical aspects, to service providers (Google). We do not use this data for marketing unless explicitly requested.

C) Intelligent Chatbot (Fabrizio AI)

The Site integrates a virtual assistant based on Generative Artificial Intelligence. When you send a message in the chat:

• The text of your question is sent in real-time to Google Gemini APIs (Google Cloud) to generate the response.
• Your name or identity is neither requested nor saved. Conversations are anonymous server-side.
• Warning: We invite you never to enter sensitive personal, financial, or health data into the chat.

D) Newsletter and Email Communications Service

If you choose to subscribe to the newsletter via the forms on the Site, we collect the following data that you provide voluntarily:

• Email address (required): to send you communications.
• Name (optional): to personalise communications.
• Subscription source: a technical datum identifying which page of the site you subscribed from.

Legal basis: Explicit consent (Art. 6.1.a GDPR). Subscription is voluntary and requires your active consent via a dedicated checkbox and subsequent email confirmation (double opt-in), in line with the guidance of the Data Protection Authority (Provvedimento 330/2025).

Purpose: Sending periodic updates on: new content published on the site, prompts and AI resources, updates to the book's reserved area, news on training and the author's projects.

Frequency: Communications are sent only when there is useful content to share. There is no fixed schedule or guaranteed minimum/maximum volume.

Processing: Data is processed via MailerLite (MailerLite Limited, J. Basanaviciaus 15, LT-03108 Vilnius, Lithuania), which acts as Data Processor. Data is stored on servers in the European Union. MailerLite privacy notice: https://www.mailerlite.com/legal/privacy-policy.

Retention: Data is retained until you withdraw consent (unsubscribe). In the event of prolonged inactivity (no email opens for 24 months), data will be deleted or anonymised.

Withdrawal of consent: You can unsubscribe at any time by clicking the "Unsubscribe" link in every email, or by contacting privacy @ fabriziomazzei . it. Unsubscription is immediate and irreversible.

You also have the right to object to processing, to request restriction of processing and, where applicable, data portability (Art. 20 GDPR). To exercise your rights you may write to privacy @ fabriziomazzei . it.

E) Audio Podcast Playback

The audio player integrated into the site (/podcast) is a proprietary technology that does not use third-party trackers (like Spotify or Apple Podcast embeds). The audio file is downloaded directly from the Site's server. However, downloading the file technically involves logging your IP address in the server access logs (see point A), necessary for data transmission.

E-bis) YouTube video with explicit consent (click-to-load)

On the book landing page, the video is integrated with a click-to-load mechanism: when the page opens, only a preview image is shown, without automatically loading the YouTube player.

Only after your click on "Enable YouTube and play" is the iframe loaded from youtube-nocookie.com. From that moment, YouTube/Google may process technical data (e.g., IP address, user agent, and player interactions) according to their own policies.

Legal basis: explicit consent (Art. 6.1.a GDPR) collected through a positive user action.

F) "Request Lab" Module

If you fill out the form to report a "boring problem," we collect your nickname and the problem description. Data is sent securely to a private spreadsheet (Google Sheets) and used only for internal analysis. AI may process the text to improve its readability before saving.

G) Services request form ("How can I help")

If you submit the form on the How can I help page (/en/how-can-i-help; Italian version /come-posso-aiutarti), we collect the data you voluntarily provide:

• Name: to identify you in follow-up.
• Email address: to reply about your request.
• Support type: consulting, workshop, or other (technical value selected in the form).
• Message: free text describing your need or context.

Legal basis: explicit consent via a dedicated checkbox (Art. 6.1.a GDPR) and, to handle your request, pre-contractual measures taken at your request (Art. 6.1.b GDPR).

Purpose: to receive, review, and respond to requests for information about professional services (consulting, training, or other options offered in the form).

Processing: data is stored in a database operated within the Vercel infrastructure (Vercel Postgres). Resend (Resend Inc., USA) is used to notify the Controller; the notification may include name, email, request type, and message content. Resend privacy notice: https://resend.com/legal/privacy-policy.

Retention: for as long as needed to handle and complete the matter related to your request and, if a relationship is established, for related records, unless longer legal retention applies.

Please avoid including special categories of personal data (health, beliefs, etc.) in the message unless strictly necessary.

H) "AI Audit" Tool

The AI Audit service automatically analyzes a user-provided website to generate a strategic report.

• Data Collected: website URL, business email address, public data on the target site (via automated scraping).
• Purpose: generation and delivery of the personalized strategic report. The email is used exclusively to deliver the report.
• Automated Process: the service uses scraping algorithms and Artificial Intelligence (Google Gemini) to evaluate site content.
• Sharing: public site data and provided context are processed by Google servers (Gemini API) which do not use them to train their public models (Enterprise API policy).

I) AI Tools - Client-Relay Architecture

The tools in the "AI Tools" section operate with a technical architecture defined as "Client-Relay" or "Stateless".

• No Storage (No Logs): the server acts exclusively as a technical bridge. We do not save, store, or retain prompts or generated responses in databases. Data resides in volatile memory (RAM) only for the milliseconds required for processing.
• API Key Management (BYOK): if required, your API Key is saved exclusively in your device's Local Storage. It is sent encrypted to the AI provider only at the time of the request and is never saved on our servers.
• AI Sub-processors: by using the tools, you accept that data entered into prompts is transmitted to language model providers: OpenAI, Google (Gemini), Anthropic (Claude), and Perplexity.
• Responsibility: the user is solely responsible for the data entered. We advise against entering sensitive personal, health, or financial data into prompts.