Privacy Policy

Effective date: 10 June 2026 — creeplog.com

This policy explains how creeplog ("the Service") processes personal data, in accordance with Regulation (EU) 2016/679 ("GDPR").

1. Data controller

Andrea Casali — contact: info@andreacasali.com.

2. What data we process

• Account data: your email address and a salted hash of your password (the password itself is never stored).
• Content you log: project names, hourly rates, descriptions of extra requests, hours and dates. Log only what you are entitled to process; avoid logging personal data of third parties when not necessary.
• Security data: when you sign in, the session record includes your IP address and browser user-agent, used to manage and secure authenticated sessions.
• Technical server logs: standard web-server logs (IP, requested URL, timestamp), kept for security and troubleshooting.

No analytics, advertising or profiling tools are used.

3. Purposes and legal bases

• Providing the Service you signed up for — performance of a contract (art. 6(1)(b) GDPR).
• Security, abuse prevention and troubleshooting — legitimate interest (art. 6(1)(f) GDPR).

No data is used for marketing. No automated decision-making.

4. Where data is stored

Data is hosted on a virtual private server operated on behalf of the controller, located in the European Union. No transfers outside the European Economic Area take place.

5. Sharing

Data is not sold or shared with third parties. The hosting provider acts as a processor strictly for infrastructure purposes. Data may be disclosed if required by law.

6. Retention

• Account and content data: until you delete the relevant projects or request deletion of your account.
• Session records: until the session is terminated or expires.
• Server logs and technical backups: for a limited period (up to 30 days), after which they are rotated and overwritten.

7. Your rights

You have the right to access, rectify, erase and port your data, to restrict or object to processing, and to lodge a complaint with a supervisory authority (in Italy: Garante per la Protezione dei Dati Personali). To exercise your rights, write to info@andreacasali.com. Deleting a project permanently removes its entries; deleting your account removes all associated data from the live database (residual copies in technical backups are overwritten within the rotation period above).

8. Changes

Material changes to this policy will be announced on this page with an updated effective date.