Privacy Policy
Last updated: March 2, 2026
This Privacy Policy describes how Leone Ventures srl ("we", "us", or "the Company") collects, uses, and protects personal data when you visit and use calamity.live ("the Platform"). The Platform is a real-time global disaster monitoring dashboard that aggregates publicly available data from governmental and scientific sources.
We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679), the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), and all applicable data protection legislation.
1.Data Controller (Titolare del Trattamento)
- Company: Leone Ventures srl
- VAT (P.IVA): IT04892500614
- Registered office: Caserta (81100), Italy
- Email: info@leone-ventures.com
- Website: leone-ventures.com
2.Data We Process
Calamity.live is designed with a privacy-first approach. We do not use tracking cookies, analytics cookies, or profiling technologies. The personal data we process is limited to the following:
2.1 Navigation Data
- IP address — processed server-side exclusively for rate limiting and abuse prevention. IP addresses are not stored persistently and are discarded after each request.
- Session ID — a randomly generated identifier used to track active user presence on the Platform (displayed as a "users online" counter). This ID is held in server memory only, expires after 2 minutes of inactivity, and is never written to any database or log.
2.2 Contact Form Data
- When you submit our contact form, we collect your name, email address, and message content. This data is transmitted to our inbox via Formspree and is used solely to respond to your inquiry.
2.3 API Subscription Data (Planned)
- If you subscribe to the Calamity API, we collect your email address and store a hashed API key in our database (hosted on Supabase). Payment information is processed entirely by Stripe and is never stored on our servers.
3.Legal Basis for Processing
We process personal data under the following legal bases as defined by Art. 6 GDPR:
| Data | Legal Basis | Reference |
|---|---|---|
| IP address (rate limiting) | Legitimate interest | Art. 6(1)(f) |
| Session ID (presence) | Legitimate interest | Art. 6(1)(f) |
| Contact form data | Consent | Art. 6(1)(a) |
| API subscription data | Contract performance | Art. 6(1)(b) |
| reCAPTCHA tokens | Legitimate interest | Art. 6(1)(f) |
Where processing is based on legitimate interest (security, rate limiting, and spam prevention), we have assessed that these interests do not override your fundamental rights and freedoms, given the minimal nature of the data collected and the absence of profiling.
4.Processing Methods
Personal data is processed using automated means with appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction. Data is transmitted over encrypted connections (HTTPS/TLS). We do not perform automated decision-making or profiling as defined by Art. 22 GDPR.
5.Data Retention
- IP addresses — not stored; processed in real-time for rate limiting and immediately discarded.
- Session IDs — held in server memory for a maximum of 2 minutes after the last activity, then automatically purged.
- Contact form submissions — retained for as long as necessary to respond to your inquiry, and no longer than 12 months.
- API subscription data — retained for the duration of the subscription and for up to 10 years thereafter as required by Italian tax and accounting regulations.
- Theme preference — stored locally in your browser (localStorage) and never transmitted to our servers.
6.Your Rights
Under GDPR (Articles 15–22), you have the following rights regarding your personal data:
- Right of access (Art. 15) — obtain confirmation of whether your data is being processed and receive a copy.
- Right to rectification (Art. 16) — correct inaccurate personal data.
- Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18) — restrict processing under certain conditions.
- Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest at any time.
- Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@leone-ventures.com. We will respond within 30 days of receiving your request.
7.Cookies and Local Storage
Calamity.live does not use tracking cookies, analytics cookies, or any form of profiling cookies. The only client-side storage we use is:
- Theme preference (localStorage) — a purely technical value ("light" or "dark") that stores your display theme choice. This data never leaves your browser.
Third-party services embedded on the Platform (such as Google reCAPTCHA) may set their own cookies. Please refer to the respective service's privacy policy for details (see Section 8 below).
8.Third-Party Services
The Platform integrates the following third-party services. Data may be transferred to servers located outside the EU/EEA, with appropriate safeguards in place (Standard Contractual Clauses or adequacy decisions):
Google reCAPTCHA v3
Used on the contact form to prevent spam. Google may collect IP addresses, browser data, and interaction patterns. See Google Privacy Policy.
Formspree
Processes contact form submissions (name, email, message). See Formspree Privacy Policy.
Stripe (Planned)
Will process API subscription payments. Stripe handles all payment data (credit card numbers, billing address) directly; we never receive or store card details. See Stripe Privacy Policy.
Supabase
Hosts our database for API subscription management (email addresses and hashed API keys). See Supabase Privacy Policy.
MapLibre GL / OpenMapTiles
Renders the interactive map. Map tile requests are sent to tile servers, which may log IP addresses as part of standard web server operations. No personal data beyond the IP address is transmitted.
Vercel
Hosts the Platform. Vercel may process IP addresses and request metadata as part of infrastructure operations. See Vercel Privacy Policy.
9.Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Material changes will be communicated through a visible notice on the Platform.
10.Contact and Complaints
For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact us:
- Email: info@leone-ventures.com
- Company: Leone Ventures srl
- Address: Caserta (81100), Italy
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the Italian Data Protection Authority:
- Authority: Garante per la Protezione dei Dati Personali
- Website: www.garanteprivacy.it
- Email: protocollo@pec.gpdp.it