Privacy Policy
Last updated: April 2026
1. Data Controller
itinovo S.r.l.s., based in Bologna, Italy, is the data controller for the itinovo CRM platform.
2. Data We Collect
- Account data: name, email, company name, VAT number (provided during registration)
- Usage data: pages visited, features used, timestamps (for analytics and improvement)
- Client data: data you enter about your clients, leads, quotes, suppliers (stored on your behalf)
- Payment data: processed by Stripe — we do not store credit card numbers
3. How We Use Your Data
- Provide and maintain the CRM service
- Process payments via Stripe
- Send transactional emails (quote notifications, invoices, automations)
- Improve the platform based on usage patterns
- Comply with legal obligations
4. Data Storage & Security
All data is stored in the European Union (AWS eu-central-1, Frankfurt). We use encryption at rest (AES-256) and in transit (TLS 1.3). Access is restricted via IAM roles and Cognito authentication.
5. Data Retention
- Active accounts: data retained for the duration of the subscription
- After cancellation: 30-day grace period for data export, then permanent deletion
- Backups: retained for 35 days (DynamoDB PITR)
6. Your Rights (GDPR)
- Access: export all your data at any time (Settings > Export)
- Rectification: edit your data directly in the platform
- Erasure: cancel your account to trigger data deletion after grace period
- Portability: export in JSON or CSV format
- Objection: contact support@itinovo.com
7. Third-Party Processors
- AWS (Frankfurt): infrastructure, database, storage
- Stripe (Ireland): payment processing
- Amazon SES (Frankfurt): transactional emails
All processors are GDPR-compliant with appropriate data processing agreements in place.
8. Cookies
We use only essential cookies for authentication (Cognito session). No tracking cookies, no third-party analytics cookies.
9. Contact
For privacy-related inquiries: privacy@itinovo.com