Privacy Policy

We collect the following information:

• Account data: Email address and display name when you sign up
• Pin data: messages and exact geographic coordinates (lat/long) you freely choose to publish. These coordinates identify a precise location and become permanently public on the map. It is your sole responsibility NOT to publish your home address or sensitive data.
• Usage data: How you interact with our service

We use your information to:

• Provide and improve our service
• Display your pins and messages on the globe
• Communicate with you about your account
• Ensure platform safety and prevent abuse

Your pins and messages are publicly visible on Globie. We do not sell your personal information to third parties. We may share data with service providers who help us operate Globie (e.g., hosting, analytics).

We implement technical and organizational measures to protect personal data, including: (i) encrypted transport via HTTPS/TLS; (ii) authentication credentials managed by our Auth provider, with passwords not accessible in clear text to the Data Controller; (iii) database access controls (Row Level Security); (iv) cryptographic verification of payment webhooks; (v) antifraud logging for sensitive operations; (vi) encrypted periodic backups. No system is perfectly secure, so users should use strong passwords and report suspicious access promptly.

You have the right to:

• Access your personal data
• Delete your account and associated data
• Update or correct your information
• Export your data

Globie uses only technical cookies that are necessary for the service to function and are installed without any prior consent requirement: (i) authentication cookies (Supabase Auth) to keep you signed in; (ii) functional cookies to remember language and theme preferences; (iii) security cookies (CSRF/anti-fraud). The legal basis is contract performance and the legitimate interest in security. We do not use profiling or advertising-tracking cookies. Any third-party analytics cookies (e.g., Google Analytics) are activated only after free, specific, informed, and revocable consent through a dedicated banner (CMP) and can be disabled at any time from the browser settings or the banner itself. For technical cookies, you can manage preferences directly in your browser.

The service is prohibited for users under 14 in Italy, or below the digital age of consent set by local law (up to 16 years, per Art. 8 GDPR). For users between the minimum legal threshold and 18, use requires parental authorization. Non-compliant accounts may be suspended or removed without delay.

We may update this privacy policy from time to time. We will notify you of significant changes through the service.

If you have questions about this privacy policy, please contact us at privacy@globie.org

We process your personal data based on the following legal grounds:

• Consent: for analytics cookies and marketing communications
• Contract execution: to create pins and manage your account. Pin publication and associated coordinates are made public on the user's voluntary initiative as part of the requested service.
• Legitimate interest: for platform security and fraud prevention
• Legal obligation: for tax and billing data retention

We retain your data for the following periods:

• Account data: until deletion + 30 days for backup
• Published pins: remain public while the account is active; they are permanently deleted when the user deletes their account or requests their removal, unless removed for Terms violations or legal obligations.
• Analytics data: 26 months
• Payment data: 10 years (Italian tax obligations)
• Security logs: 6 months

We use the following service providers to process your data:

• Supabase Inc. (USA) - Database and authentication; data transferred under Standard Contractual Clauses
• Google LLC (USA) - Google Analytics; data transferred under Standard Contractual Clauses
• Stripe Payments Europe Ltd. and related partners/integrated processors - Payment processing (cards and supported methods, including wallets such as PayPal where available); some data processed in USA under Standard Contractual Clauses
• CARTO (Spain) - Mapping services; data may be transferred under Standard Contractual Clauses

Your data may be transferred to the United States. These transfers are made based on Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection for your personal data.

Under the GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data
• Right to restriction: limit the processing of your data
• Right to portability: receive your data in a structured format
• Right to object: object to processing based on legitimate interest

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it). However, we encourage you to contact us first at privacy@globie.org to resolve any issues.

Globie does not carry out decision-making processes based solely on automated processing of personal data, including profiling, which produce legal effects or significantly affect the user, pursuant to Art. 22 of Regulation (EU) 2016/679. The user is not subject to any such automated decision-making.