Privacy Policy
This policy explains what personal data Headscovery handles, why, and the choices you have. We deliberately collect very little, and we never sell your data or use it for advertising.
Who we are
Headscovery provides guided self-help programs for behavioral change. This policy covers personal data of people who visit our website and purchase our programs.
The data controller is Simone Astarita, contactable at hello@headscovery.com. Registered address available on request. For any privacy matter you can reach us at hello@headscovery.com.
The data we collect
We collect as little as possible. We do not require you to create an account, and our programs have no login.
- Contact and order data. When you buy a program, our payment provider (Stripe) collects your email address, name, billing country, and payment details, and shares your email and order information with us so we can give you access.
- The fact of your purchase. That you bought a specific program. Because our programs address health-related behaviors, this is sensitive data, handled as described in section 3 (Health-related data and your consent).
- Technical data. Like any website, our hosting provider records standard server information such as IP address and browser type, for security and reliable delivery.
- Usage statistics. We may use a privacy-friendly, cookieless analytics tool that produces aggregate statistics. It does not identify you and does not track you across other websites.
- On-device memory. So you can continue a program where you left off, we store a small marker in your browser. It stays on your device, is never sent to us, and is used only for that feature.
We do not collect anything you write. Exercises in our programs are done in your own notebook or document and are never submitted to us.
Health-related data and your consent
Our programs address health-related behaviors. Under Article 9 of the GDPR, the fact that you purchase one of our programs is data concerning your health and, depending on the program, your sex life. We treat it with particular care:
- We process it only on the basis of your explicit consent, which you give at checkout before payment.
- We use it only to give you access to the program you bought and to provide support.
- We never sell it, never share it for advertising, and never use it to profile you.
- You can withdraw your consent at any time (see section 8, Your rights). Withdrawal does not affect processing already carried out and may mean we can no longer provide the program.
Why we process data and our legal bases
- To provide the program and give you access — performance of our contract with you (Art. 6(1)(b)), and for the health-related aspect, your explicit consent (Art. 9(2)(a)).
- To process payment and meet tax and accounting duties — compliance with a legal obligation (Art. 6(1)(c)).
- To keep the website secure and working — our legitimate interest (Art. 6(1)(f)).
- To produce aggregate, non-identifying statistics — our legitimate interest in understanding and improving the website, by means designed not to identify you.
Who we share data with
We share data only with service providers that help us run the service and act on our instructions:
- Stripe — payment processing.
- Netlify — website hosting and delivery.
- Our analytics provider — aggregate, cookieless statistics.
We do not sell your data, and we do not share it with advertisers or data brokers. We may disclose data if required by law or to protect our rights or someone's safety.
International data transfers
Some providers are based outside the European Economic Area, including in the United States. Where data is transferred outside the EEA, it is protected by appropriate safeguards such as the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses.
How long we keep your data
- Order and payment records — kept for as long as tax and accounting law requires.
- Email and access information — kept while your access to the program is active and for a reasonable period afterwards.
- Aggregate statistics — do not identify you and are kept without a fixed limit.
When data is no longer needed, we delete it or make it anonymous.
Your rights
Under the GDPR you have the right to access your data, correct it, ask us to delete it, restrict or object to its processing, receive it in a portable format, and withdraw any consent you have given.
To exercise any of these, email hello@headscovery.com. We will respond within the time limits set by law.
You also have the right to lodge a complaint with your local data protection authority. In Italy this is the Garante per la protezione dei dati personali (garanteprivacy.it).
Cookies and similar technologies
We keep cookies to a minimum and do not use advertising or tracking cookies. For details, see our Cookie Policy.
Data security
We work only with established providers that apply recognized security standards. For example, Stripe handles card data under the PCI-DSS standard. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.
Age requirement
Our programs are intended for adults. They are not directed at anyone under 18, and we do not knowingly collect data from minors.
Changes to this policy
We may update this policy from time to time. We will change the date at the top, and any significant change will be made clear on this page.
How to contact us
For any question about this policy or your data, email hello@headscovery.com.