Privacy Policy
How Cashfulness collects, uses, and protects your personal data under the EU GDPR and the Italian Privacy Code.
This Privacy Policy describes how Vittorio Giusti srl (hereinafter “Cashfulness”, “we”, “Data Controller”) collects, uses, and protects the personal data of users of the Cashfulness service (website cashfulness.com and the mobile/desktop application), under Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003 as amended (“Italian Privacy Code”).
For our privacy philosophy in narrative form (why we made certain choices), see the /privacy-radicale page. This document is instead the formal notice.
1. Data Controller
- Company name
- Vittorio Giusti srl
- Registered office
- Via del Campisano 520, 55054 Massarosa (LU), Italy
- VAT / Tax ID
- 12122090967
- Certified email (PEC)
- vittoriogiusti.com@pec.it
- GDPR rights email
- privacy@cashfulness.com
- Legal representative
- Vittorio Giusti, sole shareholder and director
Vittorio Giusti srl is the owner of the “Cashfulness” trademark (EUIPO registration no. 019297195).
Data Protection Officer (DPO): not appointed, as Vittorio Giusti srl does not fall under the mandatory appointment cases set out in Art. 37 GDPR (it is not a public authority, and its core activities do not consist of large-scale processing of sensitive data).
2. Quick definitions
- User
- the natural person who signs up to the Cashfulness service.
- Service
- the website
cashfulness.comand the Cashfulness application for mobile (iOS, Android) and desktop (Windows, macOS, Linux). - Personal data
- any information relating to an identified or identifiable natural person (Art. 4.1 GDPR).
- Processing
- any operation performed on personal data (collection, recording, storage, processing, deletion, etc.).
- Nickname
- pseudonym freely chosen by the user at signup; it does not identify the real person.
3. Categories of data processed
3.1. Identification data (minimum)
- Email (may also be pseudonymous, e.g.
aurora.at.night@protonmail.com) - Nickname (pseudonym, may be fictional — e.g. “Captain”, “Sail”, etc.)
- Password (stored encrypted, never in clear text)
We do not request nor process: first name, last name, tax ID, date of birth, address, phone number, gender, identity document.
3.2. Security data (`login_history` table)
At every new sign-in we record:
- IP address of the session
- User agent of the browser/app
- Device info (operating system, device model where available)
- Date and time of the session
These data are used exclusively for account security (suspicious access detection, anti-abuse). They are always collected and are not subject to the Improvement Programme opt-out (see §3.6).
3.3. Accounting data
- Workspaces (“accounting spaces”) created by the user, with their chart of accounts
- Transactions recorded by the user in double-entry form
- Balances and derived computations (net worth, income statement, etc.)
- Categories and budgets created by the user
These data live on our remote database (Supabase, European servers) associated with the user’s nickname and email. By design they do not contain personal demographic data of the real person, unless the user voluntarily inserts it (e.g. account names including their surname — a discouraged behaviour, see /privacy-radicale).
3.4. Uploaded documents (end-to-end encryption)
- Files uploaded by the user (bank statements, bills, contracts, policies, etc.)
These files are end-to-end encrypted on the user’s device before being sent to our server, with a key derived from the personal password + 24 recovery words (BIP39 seed). The key never leaves the user’s device. On the server we only see blocks of digital noise: we cannot read the content of the documents — neither us, nor the infrastructure operators, nor any authority that might formally request them.
3.5. Anonymous aggregated usage logs (Improvement Programme, opt-out)
To improve the app we measure:
- Sessions (app opens, duration)
- Feature usage (which sections are used, with what frequency)
- Errors and performance (crashes, response times)
- Device operating system (for beta-tester prioritization and coverage)
All these data are anonymous and aggregated, never tied to the user’s real identity. They stay on our European Supabase servers: no third-party services (Google Analytics, Mixpanel, Amplitude, Sentry, Firebase Analytics, etc.).
The user can disable collection at any time from the app settings, under “Improvement Programme” (opt-out).
3.6. Newsletter signup data (only if the user opts in)
- Email + optional name/pseudonym
Processed exclusively if the user actively opts in. See §6 for the third-party service that hosts them (ActiveCampaign).
3.7. Payment data
Not processed directly by Cashfulness. Subscription payments go through:
- Apple App Store (for subscriptions purchased on iOS)
- Google Play (for subscriptions purchased on Android)
- Stripe (for subscriptions purchased via the website)
These third parties process the user’s name, address, credit card, IBAN, and are responsible for issuing invoices or fiscal receipts to end users according to their own policies and the regulations of each country.
From these intermediaries Cashfulness only receives the net amount and an opaque subscription identifier (e.g. sub_abc123). We never see: customer name, address, tax ID, credit card, IBAN.
4. Purposes of processing
Personal data are processed for the following purposes:
| # | Purpose | Data categories involved | Legal basis |
|---|---|---|---|
| 1 | Service delivery (registration, authentication, syncing of accounting data across devices) | 3.1, 3.3, 3.4 | Contract performance (Art. 6.1.b GDPR) |
| 2 | Account security (suspicious access detection, anti-abuse) | 3.2 | Legitimate interest (Art. 6.1.f GDPR) |
| 3 | Product improvement (anonymous aggregated usage analysis) | 3.5 | Legitimate interest (Art. 6.1.f GDPR), revocable via opt-out |
| 4 | Service communications (email verification, password reset, security notifications) | 3.1 | Contract performance (Art. 6.1.b GDPR) |
| 5 | Educational newsletter and operational tips (only if opted in) | 3.6 | Explicit consent (Art. 6.1.a GDPR), revocable |
| 6 | Compliance with legal obligations (requests from competent authorities or supervisors) | 3.1, 3.2, 3.3 | Legal obligation (Art. 6.1.c GDPR) |
5. Third-party services (external data processors)
To deliver the service we rely on third-party providers, selected for reliability and GDPR compliance. All have signed a Data Processing Agreement (DPA) with us under Art. 28 GDPR.
| Service | Function | Headquarters | Actual servers | Extra-EU transfer safeguards |
|---|---|---|---|---|
| Supabase (Supabase Inc.) | Database + user authentication | USA | Europe (eu-west) | DPA + SCC + Data Privacy Framework |
| Vercel (Vercel Inc.) | Hosting of cashfulness.com | USA | Europe (Frankfurt) | DPA + SCC + Data Privacy Framework |
| Resend (Resend Inc.) | Transactional email (verification, password reset, notifications) | USA | Europe (EU region) | DPA + SCC + Data Privacy Framework |
| SiteGround (SiteGround Hosting Ltd) | Human mailboxes (info@, support@, beta@, privacy@) + DNS | EU (Bulgaria) | Europe | DPA (intra-EU processing) |
| ActiveCampaign | Newsletter + beta signup form | USA | USA | DPA + SCC + Data Privacy Framework |
| Apple App Store (Apple Inc.) | iOS subscription payments | USA | USA + Europe | Data Privacy Framework + Apple terms |
| Google Play (Google LLC) | Android subscription payments | USA | USA + Europe | Data Privacy Framework + Google terms |
| Stripe (Stripe Inc.) | Web subscription payments | USA | USA + Europe | DPA + SCC + Data Privacy Framework |
| Umami Cloud | Privacy-friendly site analytics (no cookies, no profiling) | USA | Europe (EU region) | DPA + SCC + Data Privacy Framework |
We do not use: Google Analytics, Mixpanel, Amplitude, Sentry, Firebase, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, nor any other behavioural tracking or commercial profiling system.
6. Extra-EU data transfers
Some of our providers are companies based in the United States of America (see §5). Such transfers occur with the following safeguards:
- Standard Contractual Clauses (SCC) signed under Implementing Decision (EU) 2021/914.
- EU-US Data Privacy Framework (Implementing Decision (EU) 2023/1795), for providers that have joined it.
- Supplementary technical measures (encryption in transit and at rest, isolation of data in European regions where available).
The user can request a copy of the applied safeguards by writing to privacy@cashfulness.com.
7. Retention periods
| Data category | Retention period |
|---|---|
| User account + accounting data + E2EE documents | For the entire account lifetime; effective deletion within 30 days of the request (the 30 days allow a reversible soft-delete for accidental requests) |
Security logs (login_history, IP, user agent) | 6 months from the session date |
| Anonymous aggregated usage logs (Improvement Programme) | 6 months rolling; on opt-out, we stop collecting new ones immediately |
| Encrypted automatic backups (Ultra plan only) | 30 days rolling, then overwritten |
| Newsletter (if subscribed) | Until explicit cancellation by the user (unsubscribe link in every email) |
| Billing data | Not applicable: Cashfulness does not issue invoices or fiscal receipts to end users (see §3.7); these are issued by Apple, Google or Stripe |
8. Data subject rights
Under Articles 15–22 GDPR, the user has the right to:
- Access the personal data concerning them (Art. 15)
- Rectification of inaccurate or incomplete data (Art. 16)
- Erasure of data (“right to be forgotten”, Art. 17)
- Restriction of processing (Art. 18)
- Portability of data in a structured, machine-readable format (Art. 20)
- Objection to processing based on legitimate interest (Art. 21)
- Withdrawal of consent at any time, for processing based on consent (Art. 7.3)
- Complaint to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): Piazza Venezia 11, 00187 Rome — tel. +39 06 696771 — PEC protocollo@pec.gpdp.it — web www.garanteprivacy.it
8.1. How to exercise these rights
To exercise any of the rights listed above, the user can:
- Write to
privacy@cashfulness.comindicating the right they intend to exercise, the email associated with the Cashfulness account, and — for deletion — any confirmation of being aware of the irreversibility for E2EE documents. - For the right to erasure (full account deletion): the function is available directly in the app, under “Settings → Delete account”. Effective deletion occurs within 30 days.
- To disable the Improvement Programme (opt-out): from “Settings → Improvement Programme” in the app. Immediate effect.
We will respond within 30 days of the request (extendable by a further 60 days for particularly complex requests, under Art. 12.3 GDPR; the user will be informed if so).
9. Data security
We adopt appropriate technical and organizational measures to protect personal data:
- Encryption in transit: all communications use HTTPS/TLS 1.3.
- Encryption at rest: Supabase databases use the provider’s standard at-rest encryption.
- End-to-end encryption for user-uploaded documents (see §3.4).
- Strong authentication: passwords with minimum complexity requirements; biometric support (Touch ID, Face ID) where available on the device.
- Row Level Security (RLS) on all database tables: each user accesses only their own data.
- Access logging: login tracking for suspicious access detection (see §3.2).
- Regular updates of software dependencies to close known vulnerabilities.
No system is 100% invulnerable. In the event of a personal data breach with risk to users, we will notify the Italian Data Protection Authority within 72 hours of discovery (Art. 33 GDPR) and — if the risk is high — we will inform the affected users directly (Art. 34 GDPR).
10. Minors
The Cashfulness service is intended for persons aged at least 18 years (legal capacity threshold under Italian law, Art. 2 of the Italian Civil Code), or the age of majority under the law of the user’s country of residence if higher than 18.
Under the GDPR and Art. 2-quinquies of the Italian Privacy Code, the minimum age for autonomous consent of a minor to personal data processing is lower (14 years in Italy, 16 years as EU default). For Cashfulness, the contractual age limit of 18 years is the one actually enforced, because the relationship with the user is contractual in nature (see Terms and Conditions §4.1) and requires full legal capacity.
We do not intentionally collect data of minors under 18. If we become aware of an account created by a minor without the required legal capacity, we will delete it without delay.
11. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy over time, for regulatory updates or service changes. Modifications are published on this page with the date updated at the top.
For substantial changes affecting processing purposes or legal bases, we will inform active users by email at least 30 days before the changes take effect, giving them the opportunity to review the new conditions and, if they wish, to delete the account before they become effective.
12. Contacts
For any question regarding personal data processing:
- Privacy email: privacy@cashfulness.com
- General support email: info@cashfulness.com
- Certified email (PEC): vittoriogiusti.com@pec.it
- Postal mail: Vittorio Giusti srl, Via del Campisano 520, 55054 Massarosa (LU), Italy
13. Applicable law and jurisdiction
This Privacy Policy is governed by Italian law and Regulation (EU) 2016/679.
Court of jurisdiction: Lucca, Italy, except for mandatory consumer protection provisions (Art. 66-bis of the Italian Consumer Code), under which the consumer may turn to the court of their place of residence or domicile.