PRIVACY POLICY
Last updated: February 21, 2026
1. INTRODUCTION
Concorder is a collaborative decision-making and digital participation platform that combines structured proposals, collaborative text contributions, flexible voting systems, thematic and territorial groups, and personal profiles based on interests, values and skills. This policy describes how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR, EU Regulation 2016/679).
2. DATA CONTROLLER
The data controller is Marino Tilatti. For any privacy-related questions, you can contact us at:
Email: [email protected]
Via Raiberti 12, Monza (MB), Italy
3. DATA COLLECTED
We collect the following categories of data:
- Registration data: name, surname, email, phone number (optional), encrypted password
- Profile data: country, city, biography, interests, values, skills
- Activity data: proposals created (simple, collaborative documents, surveys, events), votes cast on options and contributions, paragraph contributions (suggestions and modifications), comments, moderator role, group participation
- Technical data: IP address, browser type, operating system, session cookies
- Authentication data: when using external authentication providers (Google), we receive authorized basic profile data
4. PURPOSE OF PROCESSING
Your data is used to:
- Provide platform services: creation and management of proposals (simple, collaborative documents, surveys, events), voting on options and paragraph contributions, management of thematic and territorial groups, moderator role
- Personalize user experience through profiles based on interests, values and skills, with future matching functionality between people and groups
- Send notifications related to platform activity: new comments, contributions, votes on your proposals, group invitations, responses to your contributions. You can manage notification preferences in your account settings
- Ensure platform security, prevent abuse and manage moderator roles
- Analyze platform usage to improve functionality
- Comply with legal obligations and respond to authority requests
5. LEGAL BASIS FOR PROCESSING
The processing of your data is based on:
- Consent: when you register and accept this policy
- Contract execution: to provide you with requested services
- Legal obligation: to comply with regulatory requirements
- Legitimate interest: to improve the platform and ensure security
6. DATA SHARING
Your personal data is not sold to third parties. It may be shared only in the following cases:
- Public profile data: name, surname, city, biography, interests, values and skills are publicly visible on your personal page and may be used for future matching functionality between people and groups
- Service providers: hosting (European servers), email services, analytics (aggregated and anonymized data)
- Competent authorities: in case of legal obligation or to protect rights and security
7. DATA TRANSFER OUTSIDE EU
Your data is stored on servers located in the European Union. Any transfers outside the EU occur only with adequate safeguards (standard contractual clauses, Privacy Shield successor, EU adequacy decisions).
8. DATA RETENTION
We retain your data for the time necessary to provide services and comply with legal obligations:
- Active accounts: until account deletion
- Deleted accounts: identifying personal data is deleted within 30 days. Public proposals, votes and contributions may remain in anonymized form to maintain the historical integrity of decision-making processes. Note: data export is not currently available
- Technical and security logs: retained for 12 months, then deleted or anonymized
9. YOUR RIGHTS
Under GDPR, you have the right to:
- Access: obtain a copy of your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your personal data ("right to be forgotten"). Note: if you are a moderator of active proposals, you may need to transfer the role before complete deletion
- Restriction: limit processing in certain circumstances
- Portability: receive your data in structured format (JSON) and transfer it to another service. Note: this feature is under implementation
- Objection: object to processing based on legitimate interest
- Withdraw consent: withdraw consent at any time
- Complaint: file a complaint with the Data Protection Authority
To exercise your rights, contact us at: [email protected]
Data Protection Authority: www.garanteprivacy.it
10. SECURITY
We adopt appropriate technical and organizational measures to protect your data:
- Encryption: passwords with bcrypt, HTTPS/TLS connections, sensitive data encrypted at rest
- Access control: secure authentication, role management (guests, registered users, moderators, group admins), principle of least privilege
- Monitoring: security logs, anomaly detection, regular backups
- Updates: timely security patches for software and dependencies
- Activity tracking: logs of significant actions to ensure transparency and accountability
11. COOKIES AND SIMILAR TECHNOLOGIES
We use technical cookies strictly necessary for platform operation (authentication, session management, language preferences). We do not use advertising profiling cookies or third-party tracking for commercial purposes. You can manage cookies in your browser settings, but disabling technical cookies may compromise platform functionality.
- Necessary cookies: user authentication, session management, language and interface preferences
- Optional analytics: collection of aggregated and anonymized data to improve platform usability (requires explicit consent)
12. MINOR USERS
Concorder is primarily intended for adult users. In accordance with Article 8 of the GDPR, users aged between 14 and 18 can register and use the platform only with explicit and verifiable consent from parents or legal guardians. We do not knowingly collect personal data from minors under 14. If we become aware of data inadvertently collected from minors under 14, we will proceed with its immediate deletion.
13. OWNERSHIP AND LICENSE
Concorder's code is currently closed and hosted in a private repository. An open-source license is not yet defined. Opening the code or adopting open licenses is considered a possible area of future project evolution.
14. CHANGES TO THIS POLICY
We reserve the right to modify this policy to adapt to regulatory or functional changes. Substantial changes will be communicated via email and in-platform notification. The updated version will always be available on this page.
15. CONTACT
For questions, requests or privacy reports:
Email: [email protected]
Subject: Privacy - Concorder