Privacy Policy

Last updated: June 2026 · Effective date: June 2026

This policy explains what personal data Clearmind collects, why, how it is used, and your rights under the General Data Protection Regulation (GDPR) and applicable Italian law.

1. Data Controller

The data controller for personal data processed through Clearmind is:

Marco Casavecchia
Ceprano (FR), Italy
Email: iosonomarco@gmail.com

As a sole professional operating under Italian regime forfettario, Marco Casavecchia is individually responsible for the processing of your personal data.

2. What Data We Collect

Account data — when you register, we collect your email address and a hashed password via Firebase Authentication (Google LLC).

Programme data — as you use Clearmind, we store your exercise progress, journal entries, questionnaire responses, and thinking belief profile in Firestore (Google LLC). This data is necessary to deliver the programme.

Payment data — if you purchase a subscription, payment is processed by Stripe, Inc. We do not store your card details. We receive only a confirmation of payment and a session identifier from Stripe.

Enquiry data — if you submit a contact form on the Clearmind website, we collect your name, email address, preferred language, topic, and any message you provide.

Analytics data — we use Firebase Analytics (Google LLC) to collect anonymised usage data, including pages visited, features used, and session duration. This data does not directly identify you.

3. Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR) — account data and programme data are processed to deliver the Clearmind programme you have subscribed to.
Legitimate interests (Art. 6(1)(f) GDPR) — analytics data is processed to understand how the programme is used and to improve it.
Consent (Art. 6(1)(a) GDPR) — enquiry form data is processed on the basis of your consent, given by submitting the form.

4. How We Use Your Data

To create and manage your account
To deliver and personalise the Clearmind programme
To process your subscription payment
To respond to your enquiries
To understand programme usage and improve the experience
To comply with legal obligations

5. Data Retention

We retain your personal data for as long as your account is active. If you request deletion of your account, your personal data will be permanently deleted within 30 days, except where retention is required by law (for example, for tax or accounting purposes).

Enquiry form data is retained for 12 months and then deleted.

Analytics data is retained in aggregated, anonymised form.

6. Third-Party Services

Clearmind uses the following third-party services, each of which processes data under their own privacy policies:

Firebase (Google LLC) — authentication, database, hosting, and analytics. Privacy policy
Stripe, Inc. — payment processing. Privacy policy

These providers are located in the United States. Data transfers are governed by Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection.

7. Cookies and Analytics

Clearmind uses Firebase Analytics, which sets cookies and collects anonymised usage data. These cookies are used solely for analytics purposes and do not track you across other websites.

You can opt out of Firebase Analytics data collection by enabling "Do Not Track" in your browser, or by using a browser extension that blocks Google Analytics.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may request correction of inaccurate data.
Right to erasure — you may request deletion of your personal data.
Right to restriction — you may request that we restrict processing of your data.
Right to data portability — you may request your data in a structured, machine-readable format.
Right to object — you may object to processing based on legitimate interests.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at iosonomarco@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali — www.garanteprivacy.it.

9. Data Security

We use industry-standard security measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and secure authentication. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children

Clearmind is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a notice within the Clearmind programme. The date at the top of this page indicates when the policy was last updated.

12. Contact

For any questions or requests regarding this Privacy Policy or your personal data, contact:

Marco Casavecchia
iosonomarco@gmail.com