Privacy Policy
Information on the processing of personal data under Regulation (EU) 2016/679 (GDPR).
In short
This site is static and uses no cookies. There is no user database, no account, no personal tracking.
- Traffic stats are collected by Umami, in aggregate form and without cookies.
- If you email me, I keep your address only to reply to you.
- If you book a call, you do it on Cal.com — they handle your booking data.
- The site is hosted on GitHub Pages (Microsoft, USA), which sees the IPs of visitors.
- To exercise your GDPR rights, email me at francesco@montelli.dev.
1. Data Controller
The data controller for personal data collected via this site is Francesco Montelli, VAT 02726990399. For any request regarding your personal data — including the GDPR rights described below — you can write to francesco@montelli.dev.
2. What data I collect and why
2.1 Navigation data
The site is hosted on GitHub Pages, a Microsoft service. When you visit the site, GitHub records technical data relating to the connection (IP address, user agent, requested URL, timestamp, response code) for security and service delivery purposes. This data is processed by GitHub according to its own privacy notice (github.com/site-policy), to which I refer.
2.2 Analytics
To measure site traffic I use Umami, an analytics tool that does not use cookies, does not collect personally identifiable data, and does not perform cross-site tracking. The data collected (page visited, referrer, device type, browser, country) is aggregated and anonymous: it does not allow individual visitors to be identified.
2.3 Email
If you write to me at the email address shown on the site, I collect your email address and any other data you choose to include in the message. This data is processed solely to reply to you and to manage the conversation that follows.
2.4 Booking a call
To book a discovery call I use Cal.com. When you click the booking link you are redirected to Cal.com servers, where you enter your name, email, and any other information requested by the booking form. Cal.com acts as an external data processor (subprocessor) and processes the data according to its own privacy notice (cal.com/privacy). I receive from Cal.com the information you entered, solely to prepare for the call and contact you.
2.5 Browser storage
The site does not use cookies. To store your theme preference (light/dark) the browser's localStorage is used — a strictly local technical mechanism that does not send data to external servers and that you can clear at any time from your browser settings.
3. Legal basis for processing
- Navigation data and anonymous analytics: legitimate interest of the controller in ensuring the proper functioning of the site and measuring the effectiveness of content in aggregate form (Art. 6.1.f GDPR).
- Voluntarily sent emails: performance of pre-contractual measures at the data subject's request, or legitimate interest in replying to incoming communications (Art. 6.1.b and 6.1.f GDPR).
- Booking a call: performance of pre-contractual measures at the data subject's request (Art. 6.1.b GDPR).
4. Retention period
- GitHub Pages logs: managed by GitHub according to its own terms.
- Umami statistics: aggregate data retained for the time necessary to analyse traffic, in any case no longer than 24 months.
- Email: retained for the time necessary to manage the conversation and for the subsequent ordinary limitation period, unless a specific deletion request is made.
- Cal.com booking data: managed by Cal.com according to its own terms; copy received via email retained as in the point above.
5. Transfers outside the EU
Some of the services used involve the transfer of data outside the European Union, in particular to the United States:
- GitHub Pages (Microsoft Corporation, USA): hosting of the static site.
- Cal.com: management of call bookings.
Such transfers take place in compliance with the safeguards provided by the GDPR, in particular through the Standard Contractual Clauses (SCC) approved by the European Commission and/or adherence to the EU-US Data Privacy Framework, where applicable. The respective providers declare compliance with these instruments in their privacy notices, to which I refer for details.
6. Your rights
Under articles 15-22 of the GDPR you have the right to:
- Access your personal data (Art. 15);
- Rectification of inaccurate or incomplete data (Art. 16);
- Erasure of data concerning you ("right to be forgotten", Art. 17);
- Restriction of processing (Art. 18);
- Portability of data in a structured, machine-readable format (Art. 20);
- Object to processing based on legitimate interest (Art. 21).
To exercise any of these rights, write to francesco@montelli.dev. I will respond within one month of the request as required by the GDPR.
7. Complaint to the supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it) or with the supervisory authority of the EU Member State where you reside.
8. Updates
This privacy policy was last updated on April 28, 2026 and may be subject to revision. Previous versions are not archived online; to request a history, write to francesco@montelli.dev.