Privacy Policy

Last updated: January 25, 2026

1. Data Controller

The data controller responsible for your personal data is:

Corvo Studio
VAT ID: IT02600130393
Email: privacy@easyred2.com

We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679.

2. Data We Collect

When you use the Easy Red 2 Wiki, we may collect the following personal data:

2.1 Account Registration

  • Username: A publicly visible identifier you choose
  • Email address: Used for account recovery and important notifications
  • Password: Stored securely using industry-standard bcrypt hashing (we never store plain text passwords)

2.2 Automatically Collected Data

  • IP Address: Collected for security purposes (login protection, abuse prevention)
  • Browser Information: User agent string for compatibility and security
  • Access Timestamps: Login times and activity logs for security auditing

2.3 User-Generated Content

  • Wiki edit proposals and contributions
  • Any content you voluntarily submit to the wiki

3. Purpose of Data Processing

We process your personal data for the following purposes:

  • Account Management: To create and maintain your user account
  • Wiki Contributions: To attribute your contributions and manage the editorial workflow
  • Security: To protect against unauthorized access, fraud, and abuse
  • Communication: To send essential account-related notifications
  • Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Consent (Art. 6(1)(a)): You provide consent when creating an account and accepting this privacy policy
  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the wiki service you requested
  • Legitimate Interests (Art. 6(1)(f)): Security measures and fraud prevention
  • Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws

5. Data Storage and Location

🇪🇺 Your data is stored within the European Union.

Our website is hosted by Hostinger, with servers located in the European Union. This ensures your data remains protected under EU data protection laws and GDPR requirements.

We do not transfer your personal data outside the European Economic Area (EEA) unless required by law and with appropriate safeguards in place.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active. Deleted upon account deletion request.
  • Security Logs: IP addresses and access logs are retained for up to 12 months for security purposes.
  • Wiki Contributions: Content contributions may be retained for historical and attribution purposes, but can be anonymized upon request.

7. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

📋 Right of Access

Request a copy of your personal data we hold

✏️ Right to Rectification

Request correction of inaccurate or incomplete data

🗑️ Right to Erasure

Request deletion of your personal data ("right to be forgotten")

⏸️ Right to Restriction

Request limitation of processing in certain circumstances

📦 Right to Portability

Receive your data in a machine-readable format

✋ Right to Object

Object to processing based on legitimate interests

To exercise any of these rights, please contact us at privacy@easyred2.com. We will respond to your request within 30 days.

8. Data Sharing

We do not sell your personal data.

Your personal data is never sold, rented, or traded to third parties for marketing or commercial purposes.

We may share your data only in the following limited circumstances:

  • Service Providers: Hosting provider (Hostinger) for website operation, under strict data processing agreements
  • Legal Requirements: When required by law, court order, or governmental authority
  • Safety: To protect the rights, safety, or property of our users or the public

9. Cookies

We use only essential cookies necessary for the website to function:

  • Session Cookie: Maintains your login session (expires when you close browser or after 24 hours of inactivity)
  • CSRF Token: Security cookie to prevent cross-site request forgery attacks

We do not use tracking cookies, analytics cookies, or advertising cookies. No data is shared with advertising networks.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • HTTPS encryption for all data transmission
  • Bcrypt password hashing (passwords are never stored in plain text)
  • Regular security updates and monitoring
  • Access controls limiting who can view personal data
  • Prepared statements for database queries (SQL injection prevention)

11. Children's Privacy

This website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Italy, this is:

Garante per la Protezione dei Dati Personali
Website: www.garanteprivacy.it
Email: protocollo@pec.gpdp.it

14. Contact Us

For any questions or requests regarding this Privacy Policy or your personal data, please contact us:

Corvo Studio
Email: privacy@easyred2.com
VAT ID: IT02600130393