Privacy Policy
Last updated: April 2026
This Privacy Policy explains how Sakhi Italia ("we", "us") collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applicable Italian data protection law.
1. Data Controller
The data controller responsible for your personal data is Sakhi Italia, operated within the European Union. For all privacy-related inquiries, the contact details are:
- Entity: Sakhi Italia
- Registered presence: Italy (EU)
- Email (DPO / privacy contact): privacy@sakhiitalia.com
- Postal contact: available on request via the email above
2. Age Restriction
Sakhi Italia is intended exclusively for adults. You must be at least 18 years old to create an account or use the platform. We do not knowingly collect or process personal data of minors. If we become aware that an account belongs to a person under 18, we will suspend the account and delete the associated data.
3. Data We Collect
- Account data: name, email address, profile photo, bio, location, language preference, role (user / provider).
- Content you publish: service listings, posts, comments, exchange items, reviews, photos.
- Communications: messages exchanged with other users in 1:1 and group conversations.
- Usage data: login timestamps, device locale, basic feature interactions (in aggregated, non-identifying form where possible).
- Payment data: handled directly by Stripe (our payment processor). We store only your subscription status, Stripe customer ID, and billing-period dates — never your full card number.
- Reports & moderation data: reports you file against other users, and the outcome of moderation actions on your account.
4. Legal Basis for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b)): creating and operating your account, enabling profile and listing features, delivering messages, processing your subscription.
- Consent (Art. 6(1)(a)): optional features such as email or push notifications (you can withdraw consent at any time in Profile > Settings).
- Legitimate interests (Art. 6(1)(f)): preventing abuse, fraud, and spam; ensuring platform security; basic product analytics. We balance these interests against your rights, and you can object at any time.
- Legal obligation (Art. 6(1)(c)): retaining limited records to comply with Italian and EU tax, accounting, and law-enforcement requirements where applicable.
5. How We Use Your Data
- To provide, maintain, and improve the platform.
- To enable communication between users (including delivery of messages and notifications).
- To process subscription payments and manage your premium access.
- To moderate content and enforce our Terms of Service and community guidelines.
- To send transactional emails (account-related) and, if you have opted in, optional notifications.
6. Third-Party Processors (Sub-Processors)
We rely on the following data processors, each bound by a Data Processing Agreement that requires GDPR-compliant safeguards:
- Supabase — database, authentication, file storage, realtime. Hosted in the EU (Frankfurt, Germany).
- Stripe Payments Europe, Ltd. — subscription billing and payment processing. Stripe is the controller for the card data it directly collects.
- Resend — transactional email delivery (e.g. verification emails, password resets).
- Vercel — application hosting, edge runtime, and CDN delivery.
An up-to-date list of sub-processors is available on request from privacy@sakhiitalia.com.
7. International Transfers
Your personal data is primarily stored within the European Economic Area (EEA). Where a processor (such as Stripe or Vercel) transfers data outside the EEA, those transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) under Art. 46 GDPR, supplemented by additional technical and organisational safeguards (encryption in transit and at rest, access controls). We will not transfer your data to a third country that does not provide an adequate level of protection without an appropriate safeguard.
8. Messaging & Communication Storage
Messages you exchange with other users are stored on our database to enable continuous access to your conversation history. The following rules apply:
- Retention while active: messages are retained for as long as the conversation exists and at least one participant has an active account.
- Deletion by sender: when you delete a message, its content is removed and replaced with a tombstone marker ("Message deleted") visible to the other participants.
- Account deletion: when you delete your account, your messages are anonymised (the sender reference is detached) so that conversations remain coherent for the other participants, while your personal identifiers are removed within 30 days.
- Reports / safety holds: messages flagged in a moderation report may be retained for up to 12 months solely to investigate the report and meet legal obligations.
We do not read private messages other than when strictly necessary to act on a user report, comply with a binding legal request, or protect the safety of our users.
9. Data Retention
- Account data: retained while your account is active.
- After account deletion: personal data is removed within 30 days.
- Billing records: retained for up to 10 years where required by Italian tax and accounting law.
- Moderation logs: retained up to 12 months after the related incident.
- Backups: rotated and overwritten on a 30-day cycle.
10. Your Rights (GDPR)
Under Articles 15–22 GDPR you have the right to:
- Access: obtain a copy of the personal data we hold about you (Profile > Data Export).
- Rectification: correct inaccurate or incomplete personal data (Profile > Edit).
- Erasure ("right to be forgotten"): request deletion of your account and personal data (Profile > Settings).
- Portability: receive your data in a structured, machine-readable JSON format.
- Restriction: ask us to limit the processing of your data while a dispute is resolved.
- Objection: object to processing based on our legitimate interests.
- Withdraw consent: at any time, without affecting prior lawful processing.
- Lodge a complaint: with the Italian data protection authority, the Garante per la protezione dei dati personali (www.garanteprivacy.it), or with the supervisory authority of your habitual residence.
11. Security
We use HTTPS encryption in transit and Supabase encryption at rest. Database access is governed by Row Level Security (RLS) policies, so users can only read and write the rows they own or are a member of. Administrative actions are logged. We follow the principle of least privilege for all internal access.
12. Cookies
We use only essential cookies required for authentication and session management. We do not use advertising or cross-site tracking cookies.
13. Automated Decision-Making
We do not subject users to decisions based solely on automated processing (Art. 22 GDPR). Moderation decisions that meaningfully affect your account are reviewed by a human.
14. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be notified through the platform and/or by email. The "Last updated" date at the top of the page reflects the most recent revision.
15. Contact
For privacy questions, requests under Articles 15–22 GDPR, or to reach our Data Protection contact, write to privacy@sakhiitalia.com.