Privacy Notice

The data controller is Mattia Calastri, founder of btcpredictor.io.
To exercise your rights or for any request concerning personal data, please contact us via GitHub Issues.

We only collect data that you voluntarily provide:

• Email address — via the Satoshi widget (btcpredictor.io) or the newsletter form (aureo.it) — to send project updates and financial education content.

We do not collect sensitive data, payment data, or browsing information beyond what is already handled by the third parties listed below.

Processing is based on your explicit consent (Art. 6(1)(a) GDPR), given at the time of form submission. You may withdraw your consent at any time by writing to GitHub Issues.

Data is stored on Supabase (cloud PostgreSQL infrastructure). Supabase is GDPR-compliant and adheres to transfer mechanisms for third countries (Standard Contractual Clauses). We do not sell, rent, or share your data with third parties for commercial purposes.

The site also uses the following sub-processors:

• Cloudflare Turnstile (Cloudflare, Inc.) — invisible CAPTCHA system to protect the sign-up form. Cloudflare processes your IP address and technical device data to verify that the request originates from a human user. Cloudflare is certified under the EU-U.S. Data Privacy Framework. Privacy policy: cloudflare.com/privacypolicy
• Google Analytics 4 (Google LLC) — for anonymous measurement of site interactions (navigation, events, conversions). Data is pseudonymised and does not allow direct identification. Google is certified under the EU-U.S. Data Privacy Framework.
• Google reCAPTCHA v3 (Google LLC) — invisible CAPTCHA system for anti-bot protection on all public forms. Google processes your IP address, technical device data, and interaction patterns to assign a risk score. Google is certified under the EU-U.S. Data Privacy Framework.
• Google Fonts (Google LLC) — for loading web fonts.
• Microsoft Clarity (Microsoft Corporation) — for collecting heatmaps, session replays, and click tracking. Data is pseudonymised. Activated only upon consent via the cookie banner. Microsoft is certified under the EU-U.S. Data Privacy Framework.
• Sentry (Functional Software, Inc.) — for technical error monitoring. No personal data of the end user is processed.

Your data is retained until you withdraw your consent. You may request its deletion at any time.

As a data subject, you have the right to:

• Access — know what data we hold about you
• Rectification — correct inaccurate data
• Erasure (right to be forgotten) — delete all your data
• Restriction — restrict processing under certain circumstances
• Objection — object to processing on legitimate grounds
• Portability — receive your data in a machine-readable format

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or alteration. Data is stored on cloud infrastructure with encryption in transit (HTTPS/TLS) and at rest.

In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) within 72 hours of discovery (Art. 33 GDPR). If the breach is likely to result in a high risk to your rights, we will also inform you directly without undue delay (Art. 34 GDPR).

This site does not use profiling or third-party tracking cookies. We use localStorage solely for local interface preferences (e.g., active tab, War Room mode, previously viewed messages) — this data never leaves your browser and is not transmitted to any server.

Google Analytics 4 uses technical measurement cookies (_ga, _ga_*) to distinguish users in an anonymised manner. You can disable them via the Google Analytics Opt-out browser add-on or other privacy extensions.