Privacy Policy

Scriba AI ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website (scriba-ai.dev) and our code transformation platform. We act as Data Controller under Regulation (EU) 2016/679 (GDPR). Our registered office is in Milan, Italy.

We may collect the following categories of personal data: • Identity data: full name, job title, company name • Contact data: email address, phone number • Technical data: IP address (hashed), browser type, operating system, device information • Usage data: pages visited, time spent, features used, referral source • Code data: source code submitted through the demo translator (processed in real-time and NOT stored — zero data retention) • Communication data: messages sent via the contact form • Cookie data: preferences, consent records, session identifiers

We process your personal data for the following purposes: • To provide and maintain our platform and services • To respond to your inquiries and provide customer support • To process demo translation requests (code is processed in real-time and immediately discarded) • To send you relevant communications about our services (only with your consent) • To analyze website usage and improve our services • To detect and prevent fraud, abuse, and security incidents • To comply with legal obligations

We process your data based on the following legal grounds under GDPR Article 6: • Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies • Contractual necessity (Art. 6(1)(b)): to provide our services and respond to inquiries • Legitimate interest (Art. 6(1)(f)): for security, fraud prevention, and service improvement • Legal obligation (Art. 6(1)(c)): to comply with applicable laws and regulations

We may share your data with: • Cloud infrastructure providers (EU-based or with adequate safeguards) • Analytics providers (only with your consent) • Payment processors (when applicable) • Legal authorities (when required by law) We do NOT sell your personal data. Any international data transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission.

We retain your personal data only as long as necessary for the purposes described: • Contact form submissions: 24 months • Account data: duration of the business relationship + 12 months • Analytics data: 26 months (anonymized after 14 months) • Code submitted via demo: NOT retained (zero data retention — processed in real-time and immediately discarded) • Cookie consent records: 12 months • Legal/compliance records: as required by law

As a data subject under GDPR, you have the following rights: • Right of access (Art. 15): request a copy of your personal data • Right to rectification (Art. 16): correct inaccurate data • Right to erasure (Art. 17): request deletion of your data • Right to restrict processing (Art. 18): limit how we use your data • Right to data portability (Art. 20): receive your data in a machine-readable format • Right to object (Art. 21): object to processing based on legitimate interest • Right to withdraw consent: at any time, without affecting prior processing To exercise any of these rights, contact us at privacy@scriba-ai.dev. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your data: • AES-256 encryption at rest, TLS 1.3 in transit • Access controls and role-based permissions • Regular security audits and penetration testing • SOC 2 Type II certified infrastructure • Hashed IP addresses (raw IPs are never stored) • Secure development practices and code review

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy periodically. Material changes will be communicated via a prominent notice on our website. The "Last updated" date at the top reflects the latest revision. For any questions or concerns, contact our Data Protection Officer at privacy@scriba-ai.dev.