Legal

Privacy Policy

Last updated: June 9, 2026. This Privacy Policy describes how Dentoku Dev (""we"", ""us"", or ""our"") processes personal data when you visit dentokudev.com, purchase or use EmailMagnet, or engage us for digital consulting services. It is issued pursuant to Art. 13 of Regulation (EU) 2016/679 (""GDPR"") and the Italian Personal Data Protection Code (D.Lgs. 196/2003, as amended by D.Lgs. 101/2018).

1. Data Controller

The data controller is Dentoku Dev (Nicola Orlandi, sole trader / ditta individuale), Via Bullona 8, 20154 Milano, Italy — P.IVA IT13625480960.

Contact for data protection matters: support@dentokudev.com. A designated Data Protection Officer is not mandatory for our current processing activities; we handle all privacy requests directly.

2. Personal Data We Process

Depending on how you interact with us, we may process the following categories of personal data:

Identity and contact data — name, email address, and (for consulting clients) company name, VAT number, billing address.
Transactional data — purchase records, licence keys, and invoices related to EmailMagnet PRO or consulting engagements.
Payment data — processed by Stripe, Inc. (EmailMagnet PRO) and Gumroad, Inc. (ClickPilotAI) on our behalf; we do not store full card numbers or bank account details.
Support and communications data — emails, messages, and attachments exchanged with our support address.
Technical and usage data — IP address, browser type, referral URL, and server access logs collected automatically when you visit our website.
Cookies and tracking data — as described in Section 7 below.

We do not intentionally collect special-category data (Art. 9 GDPR) or data concerning criminal convictions. We do not knowingly process personal data of persons under 16 years of age; if you believe a minor has submitted data to us, contact us for prompt deletion.

3. Purposes and Legal Bases

We process personal data only where a legal basis under Art. 6 GDPR applies:

a) Performance of a contract (Art. 6(1)(b) GDPR)

Processing your name, email, and billing information to deliver EmailMagnet PRO access, issue invoices, and fulfil digital consulting engagements you have requested. Without this data the service cannot be provided.

b) Compliance with a legal obligation (Art. 6(1)(c) GDPR)

Retaining billing records and invoices as required by Italian tax and accounting law (D.P.R. 633/1972 on VAT; D.P.R. 600/1973 on income tax), for a period of ten years from the date of each document.

c) Legitimate interests (Art. 6(1)(f) GDPR)

Operating, securing, and improving our website and services; detecting and preventing fraud and abuse; maintaining server access logs for security and forensic purposes (retained for up to 90 days); and sending transactional communications about your existing purchases. Our legitimate interests are balanced against your rights; you may object as described in Section 8.

d) Consent (Art. 6(1)(a) GDPR)

Where we send optional marketing communications or deploy non-essential cookies, we do so only on the basis of your freely given, specific, and informed consent, which you may withdraw at any time without affecting prior processing.

4. Sub-Processors and Data Sharing

We do not sell, rent, or trade personal data. We engage the following categories of processors under written data-processing agreements:

Payment processing — Stripe, Inc. (USA) for EmailMagnet PRO; Gumroad, Inc. (USA) for ClickPilotAI. Both process billing and payment data under their own privacy policies and the SCCs they have adopted as processors.
Cloud hosting and CDN — Vercel Inc. (USA); hosts the website and API under SCCs.
Analytics — Google LLC (Google Analytics 4, USA); anonymised website usage statistics under SCCs and IP anonymisation.
Email delivery — transactional email sent via a provider under a DPA; used only for licence delivery, support replies, and mandatory service notices.

We may also disclose data to public authorities when required by law, court order, or to protect our legal rights.

5. International Transfers

Some sub-processors listed above are established in the United States, which does not benefit from an adequacy decision for all transfer scenarios. Transfers are covered by the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and, where applicable, by the EU–U.S. Data Privacy Framework. You may request copies of the applicable transfer safeguards by writing to support@dentokudev.com.

6. Retention Periods

Purchase and billing records — 10 years from the date of the transaction, as required by Italian fiscal law.

Support correspondence — retained until the support case is closed and for a further 2 years for quality assurance; deleted thereafter unless a legal claim is pending.

Marketing consent records — until you withdraw consent, plus 1 year to demonstrate the consent was valid.

Website server logs — up to 90 days, then automatically purged.

Consulting engagement records — 5 years from project completion, unless a longer retention is necessary for legal disputes or contractual guarantees.

7. Cookies and Tracking

We use strictly necessary cookies to operate the website (session management, security). With your consent, we also deploy analytics cookies (Google Analytics 4) to understand aggregate traffic patterns. No cookies are used for behavioural advertising. You can manage or withdraw cookie consent at any time through the cookie banner or your browser settings. For detailed information see our Cookie Policy.

8. Your Rights

Under the GDPR (Arts. 15–22) and, for Italian residents, the Italian Privacy Code, you have the following rights with respect to your personal data:

Right of access (Art. 15) — obtain confirmation of whether we process your data and receive a copy.
Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your data where no legitimate retention basis remains.
Right to restriction (Art. 18) — request that processing be restricted in certain circumstances.
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to object (Art. 21) — object to processing based on legitimate interests or to direct marketing at any time.
Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Rights related to automated decision-making (Art. 22) — we do not make decisions with significant legal or similarly significant effects based solely on automated processing.

To exercise any of the above rights, email support@dentokudev.com with sufficient detail to identify your request. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice). We do not charge a fee for reasonable requests.

If you believe your rights have not been upheld, you have the right to lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali, Piazza di Monte Citorio 121, 00186 Roma — tel. +39 06 696771 — garanteprivacy.it. You may also file a complaint with the supervisory authority of your country of residence within the EU.

9. Security Measures

We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR, including HTTPS/TLS in transit, access controls, and regular review of processing activities. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by Art. 34 GDPR.

10. Changes to This Policy

We may revise this policy to reflect changes in our processing activities, applicable law, or supervisory guidance. Material changes will be notified by email to active users or by a notice on this page at least 30 days before taking effect. The Last updated date at the top of this page indicates the version currently in force.

11. Contact

All privacy-related requests, complaints, and questions: support@dentokudev.com. We aim to acknowledge requests within 5 business days.