Skip to main content
HandsomeHandsome

Legal

Privacy Policy

Last update: 28 May 2026

This Privacy Policy describes how the data controller processes your personal data when you visit handsomemakers.com or use the "Handsome" service (booking and workshop management). Processing complies with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

1. Data controller

The data controller is Michael Balleroni (sole proprietorship, "Handsome" project), VAT no. 02871720419, Tax code BLLMHL95D22C357W, registered office at Via C. Menotti, 184, 61122 Pesaro (PU), Italia.

Contact: info@handsomemakers.com · PEC: michaelballeroni@pec.it. We have not appointed a DPO as it is not mandatory for our activity; data protection requests are handled at the address above.

2. Data we collect

  • Account data: name, surname, email, password (stored as a hash), phone.
  • Booking data: chosen workshop, date, participants, deposit paid, payment confirmation.
  • Artisan onboarding data: studio name, VAT, address, bio, payout account (via Stripe Connect).
  • In-app chat messages (mediated artisan ↔ customer), reviews, gift cards, loyalty points (Handpoints).
  • Payment data: handled directly by Stripe (we do not store card numbers).
  • Browsing/advertising data: IP, user-agent, cookie and pixel identifiers — analytics and marketing only after your consent (see cookie banner).
  • Anonymised error reports via Sentry.

3. Purpose & legal basis

  • Service delivery and account management — performance of a contract (Art. 6(1)(b) GDPR).
  • Payment processing via Stripe — performance of a contract.
  • Transactional emails about your bookings — performance of a contract.
  • Newsletter — consent (Art. 6(1)(a)), revocable any time.
  • Analytics (Google Analytics 4) — consent (Art. 6(1)(a)), via the cookie banner.
  • Marketing and advertising (Google Ads, Meta), including remarketing and audience profiling — consent (Art. 6(1)(a)), via the cookie banner.
  • Tax and accounting records, AML/CFT obligations — legal obligation (Art. 6(1)(c)).
  • Platform security and abuse/fraud prevention — legitimate interest (Art. 6(1)(f)).

4. Recipients and processors

We share data strictly necessary with the following processors (Art. 28 GDPR) / autonomous controllers:

  • Supabase — database hosting (EU).
  • Stripe — payments and Stripe Connect payouts (EU/US).
  • Resend — transactional and newsletter emails (EU/US).
  • Cloudinary — image hosting/CDN.
  • Vercel — application hosting/CDN.
  • Sentry — error monitoring (EU).
  • Netsons — domain, DNS and provider email (EU).
  • Google Ireland Ltd — Google Analytics 4 and Google Ads (only with consent).
  • Meta Platforms Ireland Ltd — Meta Pixel for advertising (only with consent).

We never sell your personal data.

5. Transfers outside the EU

Some providers (e.g. Stripe, Google, Meta, Vercel) may process data in the United States. Transfers are protected by adequacy under the EU-US Data Privacy Frameworkand/or the EU Commission's Standard Contractual Clauses, with additional safeguards where required.

6. Profiling and automated decisions

With your marketing consent, Google and Meta may build advertising profiles to show you relevant ads (remarketing). We do not carry out automated decision-making producing legal or similarly significant effects on you under Art. 22 GDPR.

7. Retention

Booking and tax records: 10 years (Italian tax law). Account profile: until you request deletion. Newsletter consent: until you unsubscribe. Analytics/marketing cookie data: up to 13–24 months. Error logs: 90 days. Cookie consent record: 6 months.

8. Your rights

You may exercise access, rectification, erasure, restriction, portability and objection (Articles 15–22 GDPR). You may withdraw consent at any time (including analytics/marketing, via "Manage cookie preferences" in the footer) and object to direct marketing (Art. 21). Write to info@handsomemakers.com — we reply within 30 days. You may also lodge a complaint with the Italian DPA (Garante per la protezione dei dati personali, gpdp.it).

9. Cookies

See our Cookie Policy. You can change preferences any time from the footer link.

10. Changes

We may update this policy; the "Last update" date reflects the latest version. Material changes affecting consent-based processing will be notified.