ENIT
AffittoCheck

Privacy Policy

AffittoCheck processes documents only to generate the requested analysis, without creating user accounts. This notice explains what data is processed, how long it is kept, and which providers are involved.

Controller and contact

AffittoCheck is the project providing the AI analysis service. For service or data requests, you can write to affittocheck@gmail.com.

Data processed

The service may process the uploaded file, extracted text, AI-generated result, translations, PDF report, payment status, essential technical metadata, and a temporary token used to reopen the result without an account.

Purpose of processing

Data is used to generate the free preview, make the Premium report available if purchased, create the bilingual PDF, prevent technical abuse, and manage payment status.

Legal basis

Processing is carried out to provide the service requested by the user, for the legitimate interest of security and abuse prevention, and, where necessary, for obligations connected with payment handling.

Retention

Contract, AI result, translations, and PDF are stored temporarily for up to 24 hours and then deleted through an automatic cleanup process. Content is encrypted before storage.

Providers

Supabase is used for database and storage, OpenAI for analysis and translation, Stripe for checkout and payment, and the hosting provider to serve the app. AffittoCheck does not store card details.

Security

Files and results are stored as encrypted content and are not public. Access is handled through server routes and a temporary token, without user accounts.

User rights

You may request information, correction, or deletion of data that is still available. Because data is deleted within 24 hours, some requests may no longer be possible once content has already been removed.

AI limitations

The analysis may contain mistakes or omissions. Legal references are informational and should be checked by a qualified professional before making decisions.

Supervisory authority

If you believe data processing is not appropriate, you may contact the competent data protection authority under applicable law.