Privacy policy
Last updated: 2026-06-25
This privacy policy describes how Coopera S.a.s. ("we" or "Controller") processes personal data collected through the website counterbrain.com and its demo, in accordance with EU Regulation 2016/679 (GDPR).
Data controller
Coopera di Francesco Saverio Canepa & C. S.a.s.Via San Quintino 25, 00185 Roma (RM)
VAT: 18306221005 · REA RM-1776131
PEC: cooperasas@pec.it
Privacy contact: info@counterbrain.com
No Data Protection Officer (DPO) has been appointed, as the processing does not fall within the mandatory cases set out in Art. 37 GDPR. For any privacy-related matter, please contact us at the address shown above.
Data we process
- Contact form data (name, email, message) submitted to the `brain.contact_request` table on Supabase (EU region eu-west-1).
- Technical logs generated by the server and CDN: IP address, user-agent, timestamp, requested URL. Where possible, these data are processed in anonymous or pseudonymous form.
- Demo session data at `/app`: session identifier, language preference, interactions with the contradiction engine. We do not collect data about the user's actual decisions beyond what is strictly necessary for the demo to function.
Purposes and legal bases
- Responding to contact and commercial enquiries — legal basis: pre-contractual measures (Art. 6(1)(b) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).
- Providing the demo and improving the service — legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest in product improvement.
- System security, abuse prevention, and technical maintenance — legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Retention
- Contact requests: retained until the request is handled and for a limited subsequent period (maximum 24 months) for internal documentation purposes.
- Server/CDN technical logs: retained for the minimum period necessary for security and diagnostics (generally 30–90 days, unless otherwise specified by the provider).
- Demo session data: deleted at the end of the session or within 7 days.
Recipients and processors
Data are processed by entities designated as processors pursuant to Art. 28 GDPR:
- Supabase Inc. — database hosting (region eu-west-1, EU). Transfers are subject to appropriate safeguards (Standard Contractual Clauses, where applicable).
- Vercel Inc. — website hosting and edge network.
- Railway Inc. — contradiction engine hosting.
- Google Ireland Ltd — audience measurement (Google Analytics 4), enabled only upon prior consent. Transfers to the United States are subject to appropriate safeguards (Standard Contractual Clauses and the EU-US Data Privacy Framework).
We do not sell, transfer, or use personal data for commercial profiling purposes on behalf of third parties.
Your rights
As a data subject, you have the right to: access your data (Art. 15), rectify them (Art. 16), erase them (Art. 17), restrict processing (Art. 18), request portability (Art. 20), object to processing (Art. 21), and not be subject to automated decisions (Art. 22 GDPR).
- To exercise your rights, write to info@counterbrain.com. We will respond within 30 days of receiving your request.
- You have the right to lodge a complaint with the supervisory authority: Garante per la protezione dei dati personali (garanteprivacy.it).
Changes
This privacy policy may be updated at any time. Material changes will be communicated with reasonable notice via the website. The date of the last revision is shown at the bottom of the document.