Privacy Notice

Last updated: 10 June 2026

1. Data controller

The data controller for personal data processed through SellerBoost AI is Rodrigo Paiva, a sole trader (ditta individuale) established in Italy, VAT number (Partita IVA) 14647770966. Contact: contatti@bialab3d.it.

This Privacy Notice explains what personal data we collect when you use SellerBoost AI (the "Service"), why we collect it, who we share it with, and what rights you have under the EU General Data Protection Regulation (GDPR) and Italian data-protection law.

2. Personal data we collect

CategoryExamples
Account dataemail address, hashed password, Google account ID if you sign in with Google
Service contentprompts you submit (product names, descriptions, keywords) and the AI-generated titles, descriptions and tags
Usage datacredit balance, feature usage, generation history, language preference
Technical dataIP address, browser type, device identifiers, log timestamps, error reports
Support datamessages you send us by email
Subscription datasubscription status, plan, current period; collected from Paddle (see §4)

Payment data (card details, billing address) is collected and processed by Paddle as an independent data controller; we never receive your card number.

3. Purposes and legal basis

  • Create and operate your account, deliver the Service (account data, service content, usage data) — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Generate AI outputs (prompts, outputs) — legal basis: performance of a contract.
  • Security, fraud and abuse prevention (technical data, usage data) — legal basis: legitimate interests (Art. 6(1)(f)) in keeping the Service safe.
  • Customer support (support data, account data) — legal basis: performance of a contract / legitimate interests.
  • Product improvement and analytics (aggregated usage data) — legal basis: legitimate interests.
  • Legal compliance (e.g. accounting obligations) — legal basis: legal obligation (Art. 6(1)(c)).
  • Marketing communications, if any — legal basis: your consent (Art. 6(1)(a)), which you can withdraw at any time.

4. Who we share data with

We share personal data with the following categories of recipients:

  • Lovable Cloud / Supabase — hosting, database and authentication infrastructure (subprocessor);
  • Paddle.com — our reseller and Merchant of Record; processes payments, manages subscriptions, calculates and remits applicable taxes, issues invoices and handles refunds;
  • Google — if you choose to sign in with Google (OAuth);
  • Lovable AI Gateway and underlying LLM providers — to process your prompts and return generated content;
  • Professional advisers (accountants, lawyers) — only where necessary;
  • Competent authorities — where required by law.

We do not sell your personal data and we do not share it for third-party advertising.

5. International transfers

Some of our service providers (including Paddle and certain AI model providers) may process data outside the European Economic Area. When this happens we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, or adequacy decisions where available.

6. Data retention

  • Account data and service content — for as long as your account exists, and up to 30 days after deletion to allow for recovery and backups;
  • Billing and tax records — for the period required by Italian and EU accounting law (typically 10 years);
  • Logs and security data — typically up to 12 months;
  • Support emails — typically up to 24 months.

After these periods data is deleted or irreversibly anonymised.

7. Your GDPR rights

You have the right to:

  • access your personal data and obtain a copy;
  • request rectification of inaccurate data;
  • request erasure ("right to be forgotten");
  • request restriction of processing;
  • data portability;
  • object to processing based on legitimate interests;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali – garanteprivacy.it) or with the supervisory authority of your EU member state.

To exercise these rights, contact contatti@bialab3d.it. We will respond within one month, in line with Art. 12 GDPR.

8. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), encryption at rest, role-based access controls, database row-level security and regular monitoring. No system is completely secure, but we continuously work to reduce risk.

9. Cookies

SellerBoost AI uses only essential cookies and similar local-storage mechanisms strictly necessary to keep you signed in and to operate the Service (for example, your authentication session). We do not use third-party analytics or advertising cookies on the application. If this changes in the future, we will update this notice and ask for your consent where required.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Material changes will be notified by updating the "Last updated" date and, where appropriate, by email or in-app notice.

12. Contact

For any privacy-related question or request, contact contatti@bialab3d.it.