Trovido Trovido
Sign up Log in
it en es fr de pt zh ja ar hi ru

Privacy Policy

Last updated: 29/06/2026

Last updated: June 2026

1. Data Controller

GiaNet Media di Francesco Giannetta (VAT no. IT04410590758), with registered office at via Canonico Martire Schito 13 — 73028 Otranto (LE), Italy, in its capacity as Data Controller, informs the user pursuant to Regulation (EU) 2016/679 (GDPR) about the processing of personal data collected through the website trovido.com and the Trovido platform. For privacy requests: support system.

2. The Service

Trovido is a territorial directory that collects and organizes local businesses (accommodations, food and beverage, experiences, services and more) on an interactive map. Browsing is free and does not require registration. Registered users can save favorites and report content; business owners can claim and manage their own listing (photos, contacts, description) and purchase visibility services.

3. Data Collected

3.1 Data provided by the user

  • Registration: name, email, password (encrypted with bcrypt)
  • Favorites: list of saved listings
  • Business claim: data needed to verify entitlement to manage a listing
  • Listing management (owners): the business information that the owner chooses to publish (name, contacts, address, description, photos, codes required by law — e.g. CIN for accommodation facilities)
  • Reports: the content of reports submitted through the "Report" function

3.2 Data collected automatically

  • IP address, browser type, operating system, preferred language
  • Technical and possibly analytical cookies (see Cookie Policy)
  • Listing statistics: view and interaction events (clicks on contacts, directions, website) in aggregated and pseudonymized form through an encrypted session identifier, without identifying the individual person
  • "Near me" geolocation: the browser's position is used only if the user voluntarily activates proximity search, in real time to calculate the radius. It is not stored.
  • Push notifications: browser subscription endpoint and keys (Web Push / VAPID standard), only if the user enables them

4. Purposes of Processing

  • Service provision: account, favorites, listing claim and management, map and radius search
  • Paid visibility: management of the "Featured" subscription and credit-based boosts, billing and EU right of withdrawal
  • Statistics: aggregated counts for the benefit of the listing owner and to improve the service
  • Security: abuse prevention, rate limiting, account protection

5. Legal Basis

  • Contract (Art. 6.1.b GDPR): service provision and payment management
  • Legal obligation (Art. 6.1.c GDPR): tax and accounting requirements
  • Consent (Art. 6.1.a GDPR): analytical cookies, push notifications, "Near me" geolocation
  • Legitimate interest (Art. 6.1.f GDPR): security, abuse prevention, aggregated statistics

6. Third-Party Services and Data Sharing

Personal data may be shared with:

  • Hosting provider: the infrastructure on which the service is delivered, in its capacity as data processor
  • Stripe Inc.: payment processing for visibility services (stripe.com/privacy) — card data does not pass through our servers
  • OpenStreetMap / Nominatim: address geocoding for geographic search — only the textual address is sent, no personal data
  • AI providers (Google, Anthropic, OpenAI): for content assistance features (see section 6bis)
  • Authorities: if required by law

We do not sell personal data to third parties.

6bis. Artificial Intelligence

Trovido may offer optional features to assist with the creation of listing content (e.g. generating descriptions). When used, only the necessary text is processed by third-party providers (Google — Gemini; Anthropic — Claude; OpenAI — GPT) acting as data processors. The data sent is reduced to the minimum, does not include direct identifiers and is not used to train the models (opt-out active). The data may transit to servers in the EU and the USA with adequate safeguards (standard contractual clauses, Data Privacy Framework).

7. Listings from Open Sources

Some not yet claimed listings are created from public domain data to populate the directory: OpenStreetMap (ODbL license) and Open Data of the Puglia Region / PugliaPromozione (CC-BY license). The source is indicated in the listing. The business owner may at any time claim the listing to correct it, complete it or request its removal.

8. Data Retention

  • Active account: for the entire duration of the account
  • After deletion: up to 30 days, then permanent deletion
  • Tax data: 10 years as required by Italian law
  • Aggregated statistics: retained in non-identifying form
  • Security logs: 12 months

9. Rights of the Data Subject

Pursuant to Articles 15-22 of the GDPR you have the right of access, rectification, erasure ("right to be forgotten"), restriction, portability, objection and withdrawal of consent. To exercise them, contact us through the support system.

10. Data Transfer

Some providers (e.g. Stripe) may process data outside the EU, ensuring adequate protection measures (adequacy decisions, standard contractual clauses, EU-US Data Privacy Framework).

11. Security

We adopt appropriate technical and organizational measures: password encryption (bcrypt), HTTPS communications, security headers (CSP, HSTS), rate limiting, restricted access to data and regular backups.

12. Minors

The service is not intended for minors under 16 years of age. We do not knowingly collect data of minors.

13. Complaints

You may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (garanteprivacy.it).