Privacy Policy

Last updated: 14 February 2026

1. Data Controller

This Privacy Policy explains how personal data is processed in relation to the Paranoid website and software.

• Controller: Immaginet Srl
• Address: Via Pelliccerie 10, Italy
• VAT: IT02915190306
• Contact email: immaginet@pec.it

2. Categories of Data Processed

Depending on your interaction with our website and product, we may process:

• Identity and contact data (e.g., email address in support/legal requests).
• Transactional and billing metadata generated in the purchase flow (managed by Paddle as Merchant of Record).
• Technical website data strictly necessary for security, fraud prevention, and service delivery.
• Cookie preferences and consent choices.

3. Purposes and Legal Bases (Art. 6 GDPR)

• Contract performance (Art. 6(1)(b)) for order management, delivery, and license operations.
• Legal obligations (Art. 6(1)(c)) for tax, accounting, and regulatory compliance.
• Legitimate interests (Art. 6(1)(f)) for service security, fraud prevention, and legal defense.
• Consent (Art. 6(1)(a)) for non-essential cookies, if introduced in future.

4. Mandatory vs Optional Data

Data required to fulfill purchases or legal obligations is necessary. Without such data, we may be unable to provide delivery, licensing, invoicing, or lawful service operations.

5. Data Recipients and Processors

Personal data may be processed by authorized staff and trusted service providers acting as processors or independent controllers depending on context, including:

• Paddle for payment processing, taxation, and merchant-of-record activities.
• Hosting and infrastructure providers for website delivery and security.
• Professional advisors where required (legal/accounting/compliance).

6. International Data Transfers

If data is transferred outside the EEA, such transfer is performed in compliance with GDPR requirements, including adequacy decisions or appropriate safeguards (e.g., Standard Contractual Clauses), as applicable.

7. Data Retention

Data is retained for no longer than necessary for the purposes stated above and in accordance with legal retention requirements. Transaction and accounting data may be retained for mandatory statutory periods under applicable Italian and EU law.

8. Data Subject Rights

You may exercise your rights under Articles 15–22 GDPR, including access, rectification, erasure, restriction, portability, and objection, as well as withdrawal of consent where processing is consent-based.

You may also lodge a complaint with the competent supervisory authority.

9. How to Exercise Rights

Submit requests to immaginet@pec.it. We may need to verify your identity before fulfilling requests.

10. Cookies and Similar Technologies

Cookie usage is described in our Cookie Policy. At present, no analytics or marketing cookies are deployed by default on this website. Only strictly necessary cookies/local storage required for essential operation and consent recording may be used.

11. Security Measures

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

12. Policy Updates

We may update this Privacy Policy to reflect legal, operational, or technical changes. Updated versions are published on this page with the revised date.

This Privacy Policy is provided for transparency purposes and does not replace independent legal advice.