privacy policy.

last updated: july 2025

1. introduction

thesmallmediacompany s.r.l. ("we," "our," or "the company") respects your privacy and is committed to protecting your personal data. this privacy policy explains how we collect, use, store, and protect your information when you interact with our website, products, and services.

we serve a global audience from our base in italy, and this policy applies to all users regardless of location.

data controller: thesmallmediacompany s.r.l., based in italy, is the data controller responsible for your personal data.

2. information we collect

2.1 information you provide directly

  • contact information: name, email address, phone number and other relevant information you choose to share (when you contact us, subscribe to our newsletter, or fill out forms)

  • demographic information: age, gender, country, interests, preferences (only if you voluntarily provide them to help us improve our content and services)

  • account information: username, password, profile information (if you create an account or access members-only content)

  • payment information: processed securely through squarespace payments or third-party providers (we do not store credit card details)

  • content and communications: messages, feedback, or content you send us

  • ai interaction data: conversations with our ai companions, preferences, and usage patterns (stored securely for up to 3 years to improve your experience)

2.2 information collected automatically

  • usage data: pages visited, time spent, interaction patterns

  • technical data: ip address, browser type, device information, operating system

  • cookies and similar technologies: see our cookie policy section

2.3 information we do not collect

  • browsing history outside our services

  • personal data unrelated to our services

  • sensitive data unless explicitly provided for service improvement


note: as we grow and improve, we may collect additional types of data. we'll always be transparent about what we collect and why, updating this policy accordingly.


3. how we use your information

we use your personal data only for:

  • providing services: delivering products, ai companions, members-only content, and features you request

  • improving experiences: personalizing and enhancing our services based on usage patterns

  • communication: responding to inquiries, sending newsletters (with consent), updates about your membership

  • payment processing: managing subscriptions and access to premium content

  • legal compliance: meeting regulatory requirements, protecting rights

  • security: preventing fraud, maintaining service integrity

  • external links: when you click links to purchase books on third-party sites (such as amazon or other retailers), you leave our site and are subject to their privacy policies


4. legal basis for processing

we process your data based on:

  • consent: when you've explicitly agreed

  • contract: to fulfill our services to you

  • legitimate interests: improving services, security, business operations

  • legal obligations: compliance with applicable laws

5. data retention

we retain personal data only as long as necessary:

  • active accounts: data retained while account is active

  • service data: kept as needed for service delivery

  • form submissions & contact data: up to 3 years (stored securely in google workspace with vault)

  • ai conversations: up to 3 years (anonymized and secured with platform-level encryption)

  • newsletter subscribers: until you unsubscribe

  • legal requirements: retained per applicable regulations

  • deletion: you can request deletion at any time (subject to legal requirements)


6. data sharing and transfers

6.1 third-party services

we share data only with:

  • platform providers: squarespace (website hosting, analytics, members, payments)

  • ai service providers: google, anthropic, openai, elevenlabs, meta (for ai features)

  • analytics & marketing: google analytics, google ads, meta pixel

  • content delivery: youtube (for embedded videos)

  • payment processors: squarespace payments, stripe, and similar secure providers

  • productivity tools: google workspace (with vault for secure storage)

  • external commerce: amazon, apple books, kobo, and other book retailers (when you click book purchase links)

  • legal requirements: when required by law or legal process

all third-party providers are selected for their strong privacy and security standards.

6.2 international transfers

as we serve a global audience, your data may be transferred to and processed in countries outside your location. we ensure appropriate safeguards through:

  • standard contractual clauses

  • adequacy decisions

  • certified providers with equivalent protection levels

  • platform-level security measures from our trusted providers

regardless of where data is processed, we maintain the same high privacy standards.

7. your rights (gdpr)

we respect privacy rights worldwide. specific rights depend on your location:

7.1 for eu/eea residents (gdpr)

you have the right to:

  • access: request copies of your personal data

  • rectification: correct inaccurate data

  • erasure: request deletion ("right to be forgotten")

  • restriction: limit processing in certain circumstances

  • portability: receive your data in machine-readable format

  • object: oppose certain processing activities

  • withdraw consent: at any time for consent-based processing

7.2 for users worldwide regardless of location, we honor requests to:

  • access your data

  • correct inaccuracies

  • delete your account and data

  • opt out of marketing

  • update communication preferences

7.3 how to exercise your rights

to exercise any of these rights, contact: privacy@thesmallmediacompany.com we'll respond within 30 days (or as required by your local law).


8. data security

we implement industry-standard security measures:

  • encryption in transit and at rest

  • access controls and authentication

  • regular security assessments

  • incident response procedures

  • employee training and confidentiality agreements

while we strive for maximum security, no system is 100% secure. we continuously update our practices to protect your data.

9. cookies and tracking

we use cookies for:

  • essential cookies: required for site functionality and squarespace platform

  • analytics cookies: google analytics, squarespace analytics (understanding usage patterns)

  • marketing cookies: google ads, meta pixel (for advertising, if enabled)

  • preference cookies: remembering your settings and member access

  • third-party cookies: youtube (video embeds), ai service providers

you can control cookies through:

  • our cookie banner (appears on first visit)

  • browser settings

  • opt-out links in our communications

disabling certain cookies may limit functionality, especially for members-only areas.

check our cookie policy.


10. children's privacy

our services are not directed to individuals under 18. we do not knowingly collect data from children. if you believe we have collected such data, please contact us immediately.

11. ai-specific considerations

when using our ai companions:

  • conversations are processed to provide personalized responses

  • data is encrypted and stored securely for up to 3 years

  • we use industry-leading platforms (openai, anthropic, elevenlabs, google, meta)

  • you control the level of personalization and interaction

  • conversations may be anonymized for service improvement

  • no automated decision-making with legal effects is performed

  • deletion requests remove your conversation history

  • embedded ai agents on our site follow the same privacy standards


12. updates to this policy

we may update this policy periodically. significant changes will be notified via email or prominent website notice. continued use after updates indicates acceptance.


13. contact information

for privacy concerns or to exercise your rights:

email: privacy@thesmallmediacompany.com

data protection officer: alessandro facchini

address: via martiri oscuri 16 - 20125 milan, italy


14. supervisory authority

you have the right to lodge a complaint with the italian data protection authority (garante per la protezione dei dati personali) or your local supervisory authority.

15. newsletter and marketing

if you subscribe to our newsletter:

  • we'll only send content you've opted in to receive

  • you can unsubscribe anytime via the link in each email

  • we may use email marketing platforms integrated with squarespace

  • we don't sell or share your email with third parties

  • marketing preferences can be updated in your account settings

16. members-only content

for members accessing premium content:

  • membership data is managed through squarespace members (or similar platforms)

  • payment information is handled by secure payment processors

  • access logs are kept for security and service delivery

  • membership benefits are tied to your account

  • cancellation doesn't automatically delete your data (you can request this separately)


17. remarketing and advertising

we may use remarketing services to show you relevant ads:

  • google ads and meta pixel track site visits (with your consent)

  • you can opt out via ad preferences in your google/meta accounts

  • we don't create sensitive audience segments

  • remarketing cookies can be blocked via your browser

  • we follow platform policies for ethical advertising