Privacy Policy
Last updated: March 2026
Data Controller
Fanta Finanza
Contact: info@fantafinanza.com
What Data We Collect
| Data | Purpose | Storage |
|---|---|---|
| Email (waitlist) | Notify you when we launch | Stored until you unsubscribe or we launch |
| Username | Your public identity in the game | Until account deletion |
| Email (account) | Password reset, important notices | Stored securely. Until account deletion |
| Password | Authentication | Stored irreversibly (we cannot recover it). Until account deletion |
| Game data (trades, portfolio) | Gameplay | Until account deletion |
What We Do NOT Collect
- No real names (your username is your identity)
- No bank credentials or payment card numbers (Stripe handles payments)
- No tracking cookies or analytics
- No data shared with Google, Facebook, or any US company
Third-Party Services
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| OVH Cloud | Hosting | All data (as processor) | Milan, Italy (EU) |
| Stripe | Payments (when applicable) | Email, payment info | EU + US (with DPA) |
Your Rights (GDPR)
- Access: Download all your data at any time
- Rectification: Correct your data (edit profile)
- Erasure: Delete your account and all associated data
- Portability: Export your data in JSON format
- Object: You can delete your account at any time
- Complaint: Contact the Italian Garante per la Protezione dei Dati Personali at garanteprivacy.it
Data Security
Email addresses are stored securely. Passwords are stored irreversibly (we cannot recover them). All connections use HTTPS. Your data is stored on European servers (OVH, Milan). No data is transferred outside the EU except to Stripe for payment processing (covered by their DPA and Standard Contractual Clauses).
Logs and Security Monitoring
To protect the platform and its users, we log security-relevant events:
- Access logs: Every HTTP request (IP address, page visited, timestamp). Retained 90 days. Used for debugging and abuse detection.
- Security events: Failed login attempts, rate limit violations, suspicious patterns. Retained up to 2 years. Used for automated threat detection.
We do not log your gameplay activity (trades, chat messages, fund actions) for surveillance purposes. Gameplay data exists in game tables for the game to function — not for monitoring your behavior.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in platform security) and Art. 32 GDPR (security of processing).
If you delete your account, security log entries linked to your account are anonymized (personal identifiers removed).
Data Breach
In case of a data breach, we will notify the Garante within 72 hours and affected users without undue delay, as required by GDPR Articles 33-34.
Contact
For privacy-related requests: info@fantafinanza.com