Last updated: 1 April 2025

Privacy Policy

This policy explains what personal data TuttoPieno collects, why we collect it, how we use it, and your rights as a data subject under the EU General Data Protection Regulation (GDPR).

1. Who We Are

TuttoPieno is operated by Lugano AI Technologies S.a.g.l., a company registered in Switzerland (VAT CHE-376.732.976), with registered offices at Salita delle Ginestre 4, 6900 Lugano, Switzerland. We provide an AI-powered club management platform to sports clubs and their members across Europe.

For all data-related matters, contact us at: info@pietrobonazzi.com

2. Data We Collect

We collect data in the following categories:

Account & Identity Data: Name, email address, phone number, and role within a club (owner, staff, member).

Booking & Usage Data: Court reservations, session timestamps, cancellations, no-show history, and access logs.

Payment Data: Billing information is processed by Stripe. TuttoPieno does not store full card numbers or CVV codes.

Behavioural Data: In-app actions, feature usage, and engagement patterns — used to improve the product and generate club-level insights.

Device & Technical Data: IP address, browser type, operating system, and session identifiers — collected automatically via cookies and server logs.

Communications: Emails, support tickets, and demo requests you send to us.

3. How We Use Your Data

We use your data to:

- Provide and operate the TuttoPieno platform and its features
- Send transactional emails (booking confirmations, reminders, invoices)
- Generate analytics dashboards for club administrators
- Detect fraudulent or unauthorised activity
- Improve our AI models for no-show prediction and dynamic pricing (using anonymised, aggregated data only)
- Respond to support requests
- Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing

We process personal data under the following legal bases (GDPR Art. 6):

- Contract performance: Processing necessary to fulfil our service agreement with clubs and members.
- Legitimate interests: Improving our product, preventing fraud, and ensuring platform security.
- Legal obligation: Retaining financial records and responding to lawful requests from authorities.
- Consent: For optional marketing communications, which you can withdraw at any time.

5. Data Retention

We retain personal data for as long as your account is active or as needed to provide services. Specific retention periods:

- Account data: Retained for the duration of the contract, plus 24 months after termination.
- Booking records: 36 months from the date of the booking.
- Financial records: 7 years, as required by Italian tax law.
- Support communications: 24 months from case closure.

You may request deletion of your data at any time (see Section 7). Some data may be retained longer if required by law.

6. Data Sharing

We share data only with:

- Stripe: Payment processing. Stripe is PCI-DSS compliant and operates under its own privacy policy.
- AWS (Amazon Web Services): Cloud infrastructure. Data is stored in the EU (Frankfurt, eu-central-1) region.
- Postmark / SendGrid: Transactional email delivery.
- Intercom: Customer support and in-app messaging.
- Analytics tools (e.g. PostHog): Product analytics, configured to anonymise IP addresses.

All sub-processors are bound by data processing agreements (DPAs) and GDPR-compliant terms.

7. Your Rights

Under GDPR, you have the following rights:

- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Right to restriction: Ask us to limit how we process your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email: info@pietrobonazzi.com. We will respond within one month of receiving your request, as required by GDPR Art. 12(3).

8. Cookies

We use the following types of cookies:

- Essential: Required for the platform to function (authentication, CSRF protection). Cannot be disabled.
- Analytics: Track aggregate usage patterns to improve the product (PostHog, anonymised). Can be disabled.
- Preferences: Remember your settings such as language and theme.

You can manage non-essential cookies via the cookie banner shown on first visit or through your browser settings.

9. Security

We implement industry-standard security measures including:

- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Role-based access controls
- Regular penetration testing
- SOC 2 Type II compliance (in progress)
- Incident response plan, including notification of the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, as required by GDPR Art. 33

Despite these measures, no system is completely secure. If you believe your data has been compromised, contact us immediately at info@pietrobonazzi.com.

10. International Transfers

Personal data is hosted and processed within the European Economic Area (EEA), on AWS infrastructure in the Frankfurt (eu-central-1) region. Our own staff access this data from Switzerland, which the European Commission recognises as providing an adequate level of data protection. If data is ever transferred outside the EEA or Switzerland, including by a sub-processor, we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs), as required by GDPR Chapter V.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. The "Last Updated" date at the top of this page reflects the most recent revision.

12. Contact & Complaints

Data Controller:
Lugano AI Technologies S.a.g.l.
Salita delle Ginestre 4, 6900 Lugano, Switzerland
info@pietrobonazzi.com

Data Protection Officer (DPO):
info@pietrobonazzi.com

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Italy: Garante per la protezione dei dati personali (www.garanteprivacy.it).