Privacy Policy

Last updated: June 14, 2026

This Privacy Policy describes how personal data of users visiting runaria.ai and its related domains (www.runaria.ai, ariaplatform.ai, web-aria.optiwize.cloud) — the "Site" — is processed, pursuant to Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended ("Italian Privacy Code").

1. Data Controller

The data controller is evoseed S.r.l., registered office at Via Lucrezio 13 — 34134 Trieste (TS), Italy, VAT/Tax ID 01361650326, REA TS-208336, certified email [email protected], contact email [email protected].

The controller is not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. For any privacy-related request, please contact the controller at the addresses above.

2. Categories of data processed

The Site processes only data voluntarily provided by the user or generated automatically by navigation:

• Contact and demo-request data— name, company name, email address, role, estimated number of managed network devices, subject and content of the message. Collected via the "Contact" and "Request a demo" forms.
• Partner application data— name, company name, email address, partner type, country and content of the message. Collected via the "Become a partner" form.
• Navigation and statistical data — pages visited, referrer, preferred language, device type and IP address in anonymised form (with masking of the final portion of the address), processed for aggregate Site-usage statistics. For details on the tools used, please refer to the Cookie Policy.
• Technical security data — IP address, user agent and request timestamps, processed solely for security and abuse-prevention purposes and retained for a limited period.

The Site does not use profiling cookies, third-party marketing cookies, third-party analytics tools that track the user, or advertising pixels. No special categories of data (Art. 9 GDPR) and no data of minors are processed. The Site is not addressed to subjects under the age of 16.

3. Purposes and legal basis

4. Processing methods

Processing is carried out using IT systems, with access restricted to authorised personnel of the controller and its technical providers. Data is transmitted over encrypted connections (HTTPS/TLS). Appropriate technical and organisational measures are adopted to ensure a security level proportionate to the risk (Art. 32 GDPR), including access control, activity logging, periodic backups and environment segregation.

5. Retention period

• Contact, Demo and Partner form data — kept for up to 24 months from collection to manage the request and for sales follow-up, unless a contractual relationship is started (in which case statutory periods apply, including 10 years for accounting and tax purposes) or the data subject requests earlier deletion.
• Navigation and statistical data — the IP address is anonymised at the time of collection; data is kept mainly in aggregate form for statistical purposes.
• Technical security logs — kept only for as long as strictly necessary for security purposes and in any case for a limited period.

After these periods, data is irreversibly deleted or anonymised, subject to legal obligations or the need to establish or defend a legal claim.

6. Disclosure and external Processors

Personal data is not disclosed to undefined recipients. It may be shared, within the limits of the purposes above, with the following entities, appointed as data Processors under Article 28 GDPR:

• Hetzner Online GmbH (Gunzenhausen, Germany) — hosting of application infrastructure and database.
• Cloudflare, Inc. (San Francisco, USA) — CDN, DNS and attack mitigation.
• Amazon Web Services, Inc. (Amazon SES service) — delivery of transactional confirmation and notification emails.
• Consultants, professionals or companies providing outsourced services to the controller (tax, legal, IT advisors), strictly within the purpose for which they are involved.

The up-to-date list of Processors is available upon request to [email protected].

7. Data transfers outside the EU

Some providers (Cloudflare, Inc. and Amazon Web Services, Inc.) are based in the United States. The transfer complies with Articles 44 et seq. GDPR, on the basis of the EU-US Data Privacy Framework adequacy decision (Decision (EU) 2023/1795 of 10 July 2023), to which the providers have adhered, and of the Standard Contractual Clauses approved by the European Commission (Decision (EU) 2021/914). Supplementary measures of encryption in transit and at rest are adopted.

8. Data subject rights

Under Articles 15-22 GDPR, the data subject has the right to:

• access their personal data and obtain a copy;
• request rectification, update or supplementation;
• obtain erasure (right to be forgotten), in the cases provided by law;
• restrict processing or object to processing based on legitimate interest;
• receive their data in a structured format and port it to another controller;
• withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
• lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the competent supervisory authority in the EU member state of habitual residence.

Requests should be sent to [email protected]. The controller will respond within 30 days, extendable by a further 60 days in complex cases (Art. 12(3) GDPR).

9. Automated decision-making

Through the Site, the controller does not carry out automated decision-making, including profiling, that produces legal effects or similarly significantly affects the data subject (Art. 22 GDPR).

10. Changes to the Privacy Policy

This Privacy Policy may be updated as a result of regulatory, organisational or technical changes. Users are invited to consult this page periodically; material changes will be communicated on the Site. For the Site Terms of Use please refer to the Terms of Use page.