CantieriCloud — gestionale per l'edilizia

Privacy Policy

Last updated: 12 June 2026

This is an English translation provided for convenience. In case of any discrepancy or conflict, the Italian version shall prevail as the legally binding text.

1. Data Controller

The controller of personal-data processing is:
BOSIO GROUP SRL
Via Carlo Bossi 20, 26020 San Bassano (CR), Italy
VAT ID: 01818540195
Certified email (PEC): bosiogroupsrl@pec.it
Email: info@cantiericloud.com

2. Data We Collect

CantieriCloud collects the following categories of personal data:

  • Registration data: first name, last name, email, password (encrypted), business name, VAT number, tax code
  • Contact data: address, phone number, certified email (PEC), SDI code (Italian e-invoicing identifier)
  • Usage data: access logs, actions performed within the platform, user preferences
  • Payment data: handled directly by Stripe Inc. (we do not store credit-card details)
  • Construction-site data: information about job sites, clients, workers, quotes and uploaded documents

3. Purposes of Processing

Personal data is processed for the following purposes:

  • Service delivery: account management, access to the platform, management-software features
  • Service communications: technical notifications, updates, customer support
  • Billing: management of subscriptions and payments
  • Service improvement: anonymous analytics to optimise the user experience
  • Legal compliance: tax and regulatory obligations

4. Legal Basis for Processing

Data processing is based on:

  • Performance of a contract: Art. 6(1)(b) GDPR — to deliver the service requested
  • Consent: Art. 6(1)(a) GDPR — for marketing communications (optional)
  • Legitimate interest: Art. 6(1)(f) GDPR — for analytics and service improvement
  • Legal obligation: Art. 6(1)(c) GDPR — for tax and regulatory compliance

5. Data Retention

Personal data is retained as follows:

  • Account data: for the entire duration of the contractual relationship and for the following 10 years (tax obligations)
  • Construction-site data: for the entire duration of the subscription and for 30 days after cancellation
  • Access logs: for 6 months
  • Billing data: for 10 years, as required by Italian tax law

6. Data Sharing

Data may be shared with:

  • Supabase Inc.: database hosting and authentication (EU-based servers)
  • Stripe Inc.: payment processing
  • Resend: transactional email delivery
  • Anthropic: AI features (data is anonymised)
  • Meta Platforms: Meta Pixel, to measure the effectiveness of advertising campaigns (only with explicit consent via the cookie banner)
  • Google LLC: Google Analytics 4, for aggregated traffic analytics with anonymised IP (only with explicit consent via the cookie banner)

We do not sell or transfer your personal data to third parties for marketing purposes.

7. Data Transfers Outside the EU

Some of our providers (Stripe, Anthropic) are based in the United States. Such transfers take place in accordance with the EU–US Data Privacy Framework and the Standard Contractual Clauses adopted by the European Commission.

8. Cookies and Tracking

The website uses three categories of cookies:

  • Strictly necessary cookies: essential for the website to function (authentication, preferences, security). No consent required.
  • Analytics cookies: Google Analytics 4, for aggregated traffic analytics with anonymised IP. Loaded only with explicit consent via the cookie banner.
  • Marketing cookies: Meta Pixel, to measure the effectiveness of advertising campaigns. Loaded only with explicit consent via the cookie banner.

On your first visit a banner allows you to accept, refuse, or customise the cookie categories. You can change your preferences at any time by clicking the button below, or the Cookie preferences link in the website footer.

9. Your Rights

Under the GDPR, you have the right to:

  • Access: obtain confirmation of processing and a copy of your data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data (the "right to be forgotten")
  • Restriction: limit processing in specific circumstances
  • Portability: receive your data in a structured format
  • Objection: object to processing on legitimate grounds
  • Withdrawal of consent: withdraw consent at any time

To exercise these rights, contact us at: privacy@cantiericloud.com

10. Security

We adopt appropriate technical and organisational measures to protect your data:

  • SSL/TLS encryption for all communications
  • Passwords hashed using secure algorithms
  • Two-factor authentication available
  • Regular, encrypted backups
  • Data access restricted to authorised personnel only
  • Row Level Security (RLS) to isolate data between organisations

11. Complaints

If you believe the processing of your data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):
www.garanteprivacy.it

12. Changes to this Privacy Policy

We reserve the right to amend this notice. Any changes will be published on this page, with an indication of the update date. For material changes we will send a notification by email.

Contact

For questions about this notice or the processing of your data:

BOSIO GROUP SRL
Email: privacy@cantiericloud.com
Certified email (PEC): bosiogroupsrl@pec.it
Address: Via Carlo Bossi 20, 26020 San Bassano (CR), Italy