Privacy Policy

This Privacy Policy explains how POSTFRONTAL S.A.S. di Giuliano Golfieri & C. ("we", "us") processes personal data collected through this landing page (transientik.com) in connection with the upcoming product Transientik Master. We act as data controller under Regulation (EU) 2016/679 ("GDPR") and the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended).

1. Data controller

• Name: POSTFRONTAL S.A.S. di Giuliano Golfieri & C.
• Legal form: Società in accomandita semplice (S.a.s.)
• Registered office: Via Maria Montessori 12, 20138 Milano (MI), Italy
• VAT / Fiscal code: IT05264240960 · REA MI - 1809185
• PEC: mail@pec.postfrontal.com
• Privacy contact: labs@transientik.com

No Data Protection Officer (DPO) has been appointed: we do not meet the criteria of Art. 37 GDPR.

2. Categories of data we process

• Waitlist data — email (required), and optionally name, role and DAW. Submitted via the form on the home page.
• Marketing-consent metadata — your explicit consent flag, timestamp, policy version, hashed IP address (SHA-256, truncated, used for fraud prevention), user-agent string and HTTP referer.
• Technical data — IP address, browser, operating system, device type, language, pages visited, time on page, traffic source.
• Analytics & marketing identifiers — only if you give consent: Google Analytics 4 client ID and Meta Pixel cookies / advertising identifiers.

3. Purposes and legal bases

1. Manage the waitlist and notify you about Transientik Master — legal basis: performance of pre-contractual measures at your request (Art. 6.1.b GDPR).
2. Send promotional emails about Transientik Labs products — legal basis: your explicit consent at sign-up (Art. 6.1.a GDPR). You can withdraw at any time using the unsubscribe link in every email or by writing to labs@transientik.com.
3. Operate, secure and debug the website (technical cookies, server logs) — legal basis: legitimate interest in keeping the site available and secure (Art. 6.1.f GDPR).
4. Aggregate analytics (Google Analytics 4) — legal basis: your consent via the cookie banner (Art. 6.1.a GDPR).
5. Marketing measurement (Meta Pixel) — legal basis: your consent via the cookie banner (Art. 6.1.a GDPR).
6. Comply with legal obligations — legal basis: Art. 6.1.c GDPR.

4. Recipients and processors

Personal data may be processed by the following providers acting as data processors under written agreements (Art. 28 GDPR):

• Google Ireland Ltd. — hosting (Cloud Run, region europe-west1), database (Firestore Native) and analytics (Google Analytics 4).
• Meta Platforms Ireland Ltd. — Meta Pixel for advertising measurement (only with marketing consent, and only while advertising campaigns are running).
• Resend (Plus Five Five, Inc.) — transactional email delivery (waitlist double opt-in and unsubscribe confirmations).

We do not sell or rent your data. Disclosure to public authorities only when legally required.

5. International transfers

Google Analytics 4 and Meta Pixel involve transfers to the United States. Such transfers rely on (i) the EU–US Data Privacy Framework adequacy decision (Implementing Decision (EU) 2023/1795) where the recipient is certified, and (ii) Standard Contractual Clauses (Decision (EU) 2021/914) as a fallback, supplemented by technical measures (IP anonymization, encryption in transit). The application server runs in the EU (europe-west1).

6. Retention

• Waitlist signups: until you unsubscribe or request deletion. We perform a yearly review and remove inactive records older than 24 months.
• Marketing-consent metadata: kept as long as the corresponding signup, then archived 12 months for proof of consent (Art. 7 GDPR).
• Analytics data (GA4): 14 months from collection.
• Server logs: 30 days, except records flagged for security investigation.

7. Your rights

Under Articles 15–22 GDPR you have the right to:

• access your data and obtain a copy;
• request rectification of inaccurate data;
• request erasure ("right to be forgotten");
• restrict or object to processing;
• data portability in a structured, machine-readable format;
• withdraw consent at any time, without affecting prior lawful processing;
• not be subject to fully automated decisions producing legal effects (we don't run any).

Send requests to labs@transientik.com from the email address used at sign-up. We respond within 30 days (extendable by 60 days for complex cases).

You can also lodge a complaint with the supervisory authority: Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma, Italia) — https://www.garanteprivacy.it.

8. Beta program

If you take part in the Transientik Master beta program, we process additional data under the separate beta agreement you accept on joining: your account email, device and activation identifiers, NDA acceptance metadata (timestamp and NDA version), a truncated network identifier (the first three octets of your IPv4 address, or the first 48 bits of your IPv6 address) used solely to prevent licence abuse and fraud (legitimate interest, Art. 6.1.f GDPR), and any content you post in the beta forum. This data is kept for the duration of the beta and deleted afterwards, except where retention is required for security or legal reasons. To exercise your rights or request complete removal, email labs@transientik.com.

9. Cookies

See the dedicated Cookie Policy for the full list of cookies, their purpose and how to change your preferences. You can re-open the consent banner at any time using the "Manage cookies" link in the footer.

10. Security

We apply technical and organisational measures appropriate to the risk (Art. 32 GDPR), including TLS encryption, restricted access via least privilege, regular dependency updates, and segregation between production and personal devices.

11. Changes to this policy

We may update this Privacy Policy. The version number and effective date at the top reflect the latest revision. Material changes trigger a new consent prompt where required by law.