Privacy Policy

Last updated: 2/8/2026

This Privacy Policy describes how we collect, use, and protect the personal data of users who visit the AGORÀ website and use related services.

1. Data Controller

The Data Controller is AGORÀ Intelligence S.r.l., with registered office in Italy. For any request regarding the processing of personal data, you can contact us through the contact form available on the website.

2. Data Collected

We collect the following categories of personal data:

• Identification data: first name, last name, business email address
• Business data: company name, professional role
• Contact data: phone number (when provided)
• Communication data: messages and requests sent through our forms
• Technical data: IP address, browser type, technical cookies necessary for website functionality

3. Purpose of Processing

Personal data is processed for the following purposes:

• Managing access requests and presentation requests
• Evaluating project suitability and business context
• Communications related to AGORÀ services
• Improving user experience on the website
• Compliance with legal obligations

4. Legal Basis for Processing

The processing of personal data is based on:

• Data subject's consent: for sending commercial and marketing communications
• Pre-contractual measures: for managing access and presentation requests
• Legitimate interest: for service improvement and website security
• Legal obligations: for fiscal and accounting compliance

5. Data Retention

Personal data is retained only for the time strictly necessary to achieve the purposes for which it was collected. Specifically:

• Data related to access requests: 24 months from submission date
• Data related to presentation requests: 12 months from submission date
• Technical data and cookies: according to the timeframes indicated in the Cookie Policy

6. Data Recipients

Personal data may be shared with:

• IT and hosting service providers (Supabase, cloud services)
• Email and communication service providers
• External consultants and professionals (accountants, lawyers)
• Competent authorities, when required by law

7. International Data Transfers

Some of our service providers may be located outside the European Union. In such cases, we ensure that data transfers comply with applicable regulations through the adoption of standard contractual clauses approved by the European Commission or other adequate safeguards.

8. Data Subject Rights

In accordance with GDPR, data subjects have the right to:

• Access: obtain confirmation of the existence of personal data and receive a copy
• Rectification: correct inaccurate or incomplete data
• Erasure: obtain deletion of data (right to be forgotten)
• Restriction: restrict data processing in certain circumstances
• Portability: receive data in structured format and transmit it to another controller
• Objection: object to data processing for legitimate reasons
• Withdraw consent: withdraw consent at any time

To exercise these rights, you can contact us through the form available on the website.

9. Cookies and Similar Technologies

Our website uses technical cookies necessary for site functionality. These cookies do not require user consent as they are essential for navigation.

We do not use profiling or tracking cookies for advertising purposes. Analytics cookies, when present, are used in anonymous and aggregated form.

10. Data Security

We adopt adequate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, or alteration. All data is transmitted through secure connections (HTTPS) and stored on protected servers with limited and controlled access.

Security Measures Implemented

To ensure the highest level of security, we implement the following measures:

• HTTPS Encryption: All data transmission is encrypted using TLS 1.2+ protocols. We enforce HTTPS across the entire domain with automatic HTTP to HTTPS redirection.
• Security Headers: We implement comprehensive security headers including:
  • Strict-Transport-Security (HSTS) to enforce secure connections
  • Content-Security-Policy (CSP) to prevent XSS attacks
  • X-Frame-Options to prevent clickjacking
  • X-Content-Type-Options to prevent MIME-type sniffing
  • Referrer-Policy to control information leakage
• Access Controls: Administrative access is protected by secure authentication mechanisms, rate limiting, and token-based sessions with expiration.
• Rate Limiting: We implement rate limiting on API endpoints to prevent abuse and protect against brute-force attacks.
• CORS Protection: Cross-Origin Resource Sharing is restricted to authorized domains only.
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks.
• Secure Storage: Sensitive data is stored using industry-standard encryption and access controls.
• Regular Updates: We regularly update our systems and dependencies to address security vulnerabilities.
• Monitoring & Logging: We monitor access attempts and log security events for audit purposes.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

11. Changes to Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time. Changes will be published on this page with an indication of the last update date. We recommend checking this page periodically to stay informed about any changes.

12. Contact

For any questions or requests regarding this Privacy Policy or the processing of personal data, you can contact us using the contact form available on the website.