GDPR Compliant
Privacy Policy
Last updated: March 1, 2026 · Effective immediately
1. Data Controller
Media Lives S.r.l.
Sede Aziendale: Via Liguria 34, Peschiera Borromeo, MI
VAT Number: IT11422121001
Contact: privacy@medialives.com
Media Lives S.r.l. ("we", "us", "our") operates the MediaLives platform at medialives.com. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and Italian data protection laws (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Manual registration: your name, email address, and a hashed version of your password (we never store your password in plain text).
- Google Sign-In: your name, email address, and Google account identifier. We do not receive or store your Google password.
2.2 Usage Data
When you use the platform, we automatically collect:
- Conversation content (your prompts and AI responses) necessary to provide the service.
- Token usage and cost data for billing purposes.
- Session metadata (timestamps, model used per request).
2.3 Technical Data
We collect standard server logs including IP addresses, browser type, and access timestamps for security and performance purposes. This data is automatically deleted after 90 days.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the MediaLives service you signed up for, including account management, AI processing, and billing.
- Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement.
- Consent (Art. 6(1)(a)): For optional communications (marketing emails, if applicable). You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Tax and accounting records as required by Italian law.
4. How We Use Your Data
Your personal data is used exclusively to:
- Provide, operate, and maintain the MediaLives platform.
- Process your AI requests through our intelligent model routing system.
- Calculate and track your pay-per-use billing.
- Communicate with you about your account and service updates.
- Ensure platform security and prevent abuse.
- Comply with legal and regulatory obligations.
We do not sell, rent, or trade your personal data to third parties. We do not use your conversation data to train AI models.
5. Third-Party Services
To operate MediaLives, we share limited data with the following processors:
- Anthropic (USA) — AI model provider. Your conversation content is sent to Anthropic's API for processing. Anthropic's data handling is governed by their Privacy Policy. Data transfer to the USA is covered by Standard Contractual Clauses (SCCs).
- Google (USA) — If you use Google Sign-In, Google processes your authentication data under their Privacy Policy.
- Hostinger (Lithuania/EU) — Server hosting provider. Your data is stored on EU-based servers.
6. Data Retention
- Account data: Retained for the duration of your account, plus 30 days after deletion request.
- Conversation data: Retained for the duration of your account. You may delete individual conversations at any time.
- Billing records: Retained for 10 years as required by Italian tax law (Art. 2220 c.c.).
- Server logs: Automatically deleted after 90 days.
7. Your Rights (GDPR Articles 15–22)
As a data subject, you have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@medialives.com. We will respond within 30 days as required by law.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garanteprivacy.it.
8. Cookies and Local Storage
MediaLives uses only essential technical cookies required for the platform to function:
- Session cookie (PHPSESSID): Maintains your authenticated session. Expires when you close the browser or after 24 hours of inactivity.
We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. No cookie consent banner is required as we only use strictly necessary cookies (Art. 5(3) ePrivacy Directive).
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- TLS/SSL encryption for all data in transit.
- Bcrypt hashing for stored passwords.
- AES encryption for sensitive stored data.
- Access controls and authentication on all systems.
- Regular security monitoring and updates.
10. International Data Transfers
Your data is primarily stored on servers within the European Union (Hostinger, Lithuania). When data is transferred to the United States (for AI processing via Anthropic or Google authentication), such transfers are protected by EU Standard Contractual Clauses (SCCs) in accordance with GDPR Article 46(2)(c).
11. Children
MediaLives is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@medialives.com and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.