Privacy Policy & Cookie Policy

HUMANTE s.r.l.s. is the Data Controller for the WikiCibo platform (wikicibo.com). For any privacy-related matter, contact us at the email address above.

2.1 Data provided voluntarily

• Name, surname and company name
• Email address and phone number
• Address of the business / restaurant
• Billing data (VAT number, SDI code, address) — for paid plans
• Profile content: descriptions, images, product information, menus
• Communications sent via the contact form
• Newsletter subscription data

2.2 Automatically collected data

• IP address and country of origin (via Cloudflare headers)
• Device type: desktop, mobile, tablet
• Operating system and browser
• Pages visited, session duration and click events
• Entry page, referrer and UTM parameters (campaign tracking)
• Technical cookies for authentication and session management

2.3 Data received from third parties

The platform may receive data from payment processors (Stripe/PayPal) and email service providers. These third parties are autonomous data controllers; see Art. 6 for details.

The Controller processes personal data for the following purposes, each with the corresponding legal basis under Art. 6 GDPR:

Consent for marketing is entirely optional and its withdrawal has no effect on the use of the platform or paid plans.

WikiCibo uses the Anthropic PBC API (Claude model) to support the automatic generation of editorial content and SEO descriptions. This feature is available to registered operators and producers.

• Data sent to Anthropic: editorial text entered by the user, content type (producer, restaurant, product, guide, recipe)
• Data NOT sent: name, surname, email, phone, billing data, IP address
• WikiCibo does not use user data to train artificial intelligence models
• Anthropic is based in the USA; the transfer takes place via standard contractual clauses (SCC, Art. 46 GDPR)
• For details: anthropic.com/privacy

Payments for paid plans are processed via certified PCI-DSS providers. WikiCibo does not store or access full credit/debit card details.

• Stripe Payments Europe, Ltd. (Ireland, EU) — stripe.com/privacy
• PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg, EU) — paypal.com/privacy
• Bank transfer — IBAN data are processed only to verify payment

Each payment provider is an autonomous data controller. Please consult their respective privacy policies.

The Controller uses Data Processors (Art. 28 GDPR) who operate solely on its instructions and in accordance with appropriate data processing agreements:

• Hosting provider — servers located in the European Union
• Anthropic PBC — artificial intelligence services (USA, with SCC)
• Stripe / PayPal — payment management (see Art. 5)
• Email marketing provider — newsletter management (EU)

6.1 Social networks

The site contains links to social profiles (Instagram, Facebook, LinkedIn). Clicking these links transfers data to platforms that are autonomous controllers. WikiCibo is not responsible for their processing activities.

WikiCibo uses an internal anonymous visitor tracking system to analyse site usage and improve the user experience. This system does NOT require user authentication or registration.

7.1 Data collected

• Anonymous session ID (random UUID stored in sessionStorage, deleted when the browser tab is closed)
• Country of origin (derived from Cloudflare/server headers — IP address is NOT stored)
• Device type, operating system and browser (derived from User-Agent)
• Pages visited and time of visit
• Click events on links (anchor text and destination URL)
• Referrer and UTM campaign parameters

7.2 Data retention

Anonymous session data is retained for a maximum of 12 months and then automatically deleted. No personally identifiable information is associated with these sessions.

WikiCibo uses cookies and similar technologies. Consent is managed through the cookie banner on the site.

8.1 Technical cookies (necessary — no consent required)

• Session cookie for admin/operator authentication (next-auth.session-token)
• CSRF protection cookie
• Cookie for language preference (locale)
• Cookie for cookie preferences (wikicibo_cookie_consent)

8.2 Analytics cookies

WikiCibo uses an internal first-party analytics system (no third-party cookies such as Google Analytics). The anonymous session ID is stored in sessionStorage (not a persistent cookie) and is automatically deleted when the browser tab is closed.

8.3 Profiling / marketing cookies

Not currently active. If activated in future, explicit consent will be requested through the cookie banner.

8.4 Managing cookies

The user can manage cookie preferences at any time through their browser settings or the cookie banner. Disabling technical cookies may affect the functioning of the platform (e.g., it will not be possible to log into the admin area).

Some service providers (Anthropic) are based in the USA, which does not have an EU adequacy decision for GDPR purposes. Data transfers to these providers take place via:

• Standard Contractual Clauses (SCC) approved by the European Commission (Art. 46.2.c GDPR)
• Data processing agreements with appropriate technical and organisational safeguards

The user may request information on the guarantees adopted by writing to info@wikicibo.com.

Pursuant to Arts. 15–22 GDPR, you have the right to:

How to exercise your rights

Send a request to info@wikicibo.com. We will respond within 30 days (extendable by 60 days in complex cases). The service is free of charge, except for manifestly unfounded or excessive requests.

• Account data: for the entire duration of the contract + 5 years after account closure
• Billing data and invoices: 10 years (Italian tax law, Art. 2220 Civil Code)
• Payment data: 10 years (fiscal obligations)
• Navigation logs and technical data: maximum 12 months
• Anonymous visitor sessions: maximum 12 months
• Newsletter data: until withdrawal of consent
• AI usage logs (metadata only): 24 months
• Communications via contact form: duration of the relationship + 5 years

Upon expiry, data is deleted or irreversibly anonymised.

The Controller implements appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect personal data against unauthorised access, loss or destruction:

• Encryption in transit via HTTPS/TLS for all communications
• Secure password hashing with modern algorithms (bcrypt/argon2)
• Access to production data restricted to authorised personnel only
• Regular automated backups
• Constant monitoring and updating of server systems
• Incident response procedures for security breaches

Subscribing to the WikiCibo newsletter is optional and requires explicit consent (opt-in). To unsubscribe:

• Click the unsubscribe link at the bottom of each email
• Write to info@wikicibo.com

Unsubscribing from the newsletter does not result in the deletion of the account or profile.

The Controller reserves the right to modify this privacy policy at any time. Changes are published on this page with the date of update. In the case of substantial changes, registered users will be informed by email or through a notice on the platform.

Continued use of the platform after changes come into force constitutes acceptance of the new policy.

• EU Regulation 2016/679 (GDPR)
• Legislative Decree 30 June 2003, no. 196 (Italian Privacy Code), as amended by Legislative Decree 101/2018
• Rulings of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
• EDPB (European Data Protection Board) guidelines
• EU Regulation 2018/1725 for EU institutions