Privacy Policy

Last updated: April 22, 2026 Version: v1.0 — 2026-04-22

This page explains what happens to your email address when you sign up for the PR Compass waitlist. We wrote it to be readable end-to-end in five minutes, without empty phrasing and without clauses dropped in just to cover our backs. If anything is unclear, write to us — you’ll find the address at the bottom.

1. Who’s responsible for your data

The data controller is Gabriele Magno, an individual based in Fiuggi (FR), Lazio, Italy.

PR Compass is not yet incorporated as a company. We’re one person building a product: no LLC, no VAT number, no team behind a corporate “we.” We still use the editorial plural throughout this policy because it’s the voice you’ll read across the whole site, but legally the responsible party is a single individual.

For anything related to your personal data, reach us at:

gabrigmm+prcompass_privacy@gmail.com

2. What we collect

When you sign up for the waitlist we collect:

  • Your email address, which you type into the form yourself
  • The timestamp of your signup (the date and time you submitted the form)
  • The version of this privacy policy in effect when you signed up (e.g. v1.0 — 2026-04-22): we keep this as an audit trail, so we can show which version of the policy you consented to
  • Any traffic source parameters (UTM parameters) present in the URL when you landed on the page, if any — these help us understand which channels we’re reaching people through

That’s it. In particular we do not collect:

  • Name, last name, company, job title
  • IP address
  • Tracking or profiling cookies
  • Browsing data from other sites
  • Data from social logins or third-party providers

3. What we use it for

We use your email address only to:

  1. Send you a confirmation email that your signup went through
  2. Reach out when we open the PR Compass beta
  3. Send you communications strictly tied to the product launch (for example, a material change in our release timeline)

That’s the whole list. We don’t send newsletters, we don’t run drip campaigns, we don’t sell or share the list with anyone, we don’t send third-party commercial messages. If an email from us ever lands in your inbox and it isn’t directly about your PR Compass signup, it’s a mistake — please tell us.

4. Legal basis

We process your email on the basis of your explicit consent, under Article 6(1)(a) of EU Regulation 2016/679 (GDPR).

Consent is collected via an unchecked checkbox that you tick before submitting the form. No box is pre-checked.

You can withdraw consent at any time by writing to the address at the bottom of this page. Withdrawal doesn’t affect the lawfulness of processing carried out before you withdrew.

5. Who has access to your data

To run the waitlist we rely on three external vendors (sub-processors). Each of them processes your data only for the specific function we’ve assigned, under a Data Processing Agreement (DPA) that restricts what they can do with it.

  • Supabase Inc. — runs the database where your email is stored. The instance is configured in the EU region (Frankfurt, Germany). Standard Supabase DPA in place. Supabase privacy policy

  • Resend Inc. — sends the confirmation and beta-update emails on our behalf. Based in the United States. DPA in place, plus Standard Contractual Clauses (SCCs) for the international data transfer. Resend privacy policy

  • Cloudflare Inc. — hosts the landing page (Cloudflare Pages) and serves web traffic. It has no direct access to the database or to your email address: it only handles the HTTP connections to the site. Cloudflare privacy policy

We don’t share your data with any other vendor, any commercial partner, or any advertising network.

6. Where your data lives

Your email is stored in Europe, in the Supabase database with region Frankfurt (Germany).

The operational copy on Resend, which is required to send you emails, sits on Resend’s infrastructure in the United States (see the next section for details on the transfer).

7. Transfers to the United States (Resend)

To send you email, we use Resend, whose infrastructure provider is based in the United States. This means that when we send you a message, your email address is transferred outside the European Union.

The transfer takes place under Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) of the GDPR, included in the DPA we have with Resend. The SCCs contractually bind Resend to protect the transferred data at a level substantially equivalent to GDPR requirements.

If you have specific concerns about international transfers of your data and would prefer not to sign up for that reason, please don’t join the waitlist. If you’ve already signed up, write to us and we’ll delete your record from the database.

8. How long we keep your data

We keep your email until you ask us to delete it, or until the waitlist is wound down after PR Compass launches. There’s no automatic expiry.

When you ask for deletion:

  • We remove the row from the Supabase database within 7 days
  • We remove the email from the Resend audience within 7 days
  • We send you a final confirmation email once deletion is done

After deletion, no copies of your data remain in our systems, except for any technical logs kept by our vendors (Supabase, Resend, Cloudflare), which expire according to their respective retention policies.

9. Cookies and tracking

We don’t use tracking, analytics, or profiling cookies. No Google Analytics, no Plausible, no Fathom, no Segment or equivalent. No Facebook, LinkedIn, or other ad-platform pixels. No data shared with social networks.

The only cookies you may encounter on the site are essential technical cookies set by Cloudflare for connection security and network performance (for example, attack protection and traffic balancing). These cookies don’t identify you personally and aren’t used for profiling.

10. Your rights

The GDPR gives you a set of rights over your personal data. You can exercise any of them, at any time:

  • Access (Art. 15) — find out whether we hold your data and get a copy
  • Rectification (Art. 16) — correct inaccurate or incomplete data
  • Erasure (Art. 17) — ask us to delete your data (right to be forgotten)
  • Restriction of processing (Art. 18) — temporarily suspend our use of your data
  • Portability (Art. 20) — receive your data in a structured, machine-readable format
  • Objection (Art. 21) — object to processing
  • Withdrawal of consent (Art. 7) — withdraw the consent you gave at signup

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if you believe the processing of your data violates the GDPR: www.gpdp.it. If you live in another EU country, you can lodge a complaint with your national supervisory authority instead.

11. How to exercise your rights

To exercise any of the rights above, write to:

gabrigmm+prcompass_privacy@gmail.com

We respond within 30 days of receiving the request, as required by Article 12(3) of the GDPR. We won’t ask you to justify or explain the request. We won’t ask for ID unless we have a concrete doubt about the identity of the sender — if we do, we’ll tell you first.

Exercising your rights is free of charge.

12. If PR Compass becomes a company

Today the data controller is an individual. In the coming months we may incorporate a company (an Italian SRL or equivalent), and the controller may change as a result.

If that happens, we’ll notify you by email before the transfer takes effect, telling you the new legal entity, its registered address, and giving you the option to request deletion of your data before the transfer.

13. Changes to this policy

We may update this privacy policy to reflect changes in the services we use, in our sub-processors, or in applicable regulations.

Every update is published at https://prcompass.gabrielemagno.dev/ with:

  • A new “Last updated” date at the top of the page
  • A new version number

For material changes (for example, adding a sub-processor, changing the legal basis, or expanding the purposes of processing) we notify you by email before the changes take effect, with at least 14 days’ notice when possible.

For clarifications or typo fixes we don’t send a notification: we simply update the date and version at the top of the page.

14. Contact

For any question, rights request, complaint, or feedback about this privacy policy:

Email: gabrigmm+prcompass_privacy@gmail.com Controller: Gabriele Magno — Fiuggi (FR), Lazio, Italy

To lodge a complaint with the supervisory authority: Garante per la Protezione dei Dati Personali (Italian DPA) — www.gpdp.it

If you live in another EU/EEA country, you can also lodge a complaint with your national data protection authority.