Last updated · June 2026
Privacy Policy
This Privacy Policy explains how Francesco (the "Provider", "I", "we") collects, uses, stores and protects personal data of visitors and Clients of the Prince Allocation Protocol™ service (the "Service"). The Provider acts as data controller within the meaning of Regulation (EU) 2016/679 ("GDPR").
1. Data we collect
We process the following categories of personal data:
- Identification and contact data — name, email address, country, time zone, communication identifiers (e.g. video-call handle), provided by you at checkout or onboarding.
- Eligibility data — declarations you make regarding investing experience and absence of industry-professional status (see Terms, Section 3).
- Transaction data — order reference, plan purchased, amount, currency, payment status. Card data is processed directly by our third-party payment processor and is never received or stored by the Provider.
- Communication content — written messages and any notes the Provider takes to deliver the Service. Video calls are not recorded unless both parties expressly agree in writing.
- Technical data — basic server logs (IP address, user agent, timestamp) needed to operate and secure the website.
The Provider does not request and does not knowingly process special categories of data (art. 9 GDPR).
2. Why we process data (purposes and legal bases)
- To deliver the Service you purchased — art. 6(1)(b) GDPR (performance of a contract).
- To process payments and refunds — art. 6(1)(b) and 6(1)(c) GDPR.
- To verify eligibility and prevent ineligible access — art. 6(1)(b) and 6(1)(f) GDPR (legitimate interest in the integrity of the Service).
- To comply with accounting, tax and anti-fraud obligations — art. 6(1)(c) GDPR.
- To respond to your enquiries and support requests — art. 6(1)(b) and 6(1)(f) GDPR.
- To secure the website and detect abuse — art. 6(1)(f) GDPR.
The Provider does not use your data for behavioural profiling and does not take automated decisions producing legal effects on you.
3. Marketing
The Provider does not send marketing emails by default. If marketing communications are sent, they are based on your explicit consent (art. 6(1)(a) GDPR) and you may withdraw consent at any time using the unsubscribe link or by email.
4. Processors and third parties
To operate the Service we rely on carefully selected processors, including:
- Our third-party checkout and payment processor;
- Video-conferencing provider used for the live calls;
- Email and scheduling providers;
- Hosting and infrastructure providers for the website.
Each processor acts under a Data Processing Agreement compliant with art. 28 GDPR. The Provider does not sell personal data to third parties.
5. International transfers
Some processors are based outside the EEA (e.g. in the United States). Transfers are protected by the Standard Contractual Clauses adopted by the European Commission and, where applicable, by adequacy decisions or supplementary measures.
6. Retention
- Contact and onboarding data: for the duration of the Service plus 24 months.
- Transaction and accounting records: 10 years, as required by Italian tax law.
- Server logs: up to 12 months.
- Communication content: up to 24 months after the end of the Service, unless a longer retention is needed to defend legal claims.
7. Security
We apply reasonable technical and organisational measures to protect personal data, including encrypted connections, access controls and least-privilege principles. No system is fully secure; in the event of a personal data breach affecting your rights and freedoms, we will notify you and the competent supervisory authority as required by art. 33 and 34 GDPR.
8. Your rights
Under the GDPR you have the right to:
- access your personal data (art. 15);
- rectify inaccurate data (art. 16);
- erase your data, where applicable (art. 17);
- restrict processing (art. 18);
- data portability (art. 20);
- object to processing based on legitimate interest (art. 21);
- withdraw consent at any time, where consent is the legal basis (art. 7).
You may exercise these rights by writing to the email address provided at onboarding. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or with the supervisory authority of your EU country of residence.
9. Cookies
The website uses only strictly necessary technical cookies required to operate the site and remember your preferences. No advertising, profiling or third-party tracking cookies are set without your prior consent.
10. Children
The Service is not directed at minors. We do not knowingly collect data from individuals under 18. If you believe a minor has provided us data, contact us and we will delete it.
11. Changes
We may update this Privacy Policy. The current version always applies. Where changes are material, we will take reasonable steps to inform active Clients.
12. Contact
For any privacy-related request, contact the Provider at the email address provided at onboarding.