TaxArt

Legal

Privacy Policy

Last updated: 15 June 2026

1. Who we are

TaxArt is a service operated by Design Hub Studio SRL, an Italian company. In this policy, "TaxArt", "we", "us" and "our" refer to Design Hub Studio SRL acting as the Data Controller under the EU General Data Protection Regulation (GDPR).

Contact: hello@taxart.it

2. What we do

TaxArt helps foreign property owners understand and manage Italian property obligations. Our services include:

  • IMU calculation services
  • Property tax reviews
  • TARI and general property-tax guidance
  • Document review and explanations in plain English
  • Optional newsletter with practical Italian property-tax information

3. Personal data we collect

To deliver these services we process:

  • Identification and contact data: full name, email address, phone number, country of residence.
  • Property data: comune, address, ownership percentage, property use/type and related notes.
  • Documents you upload: visura catastale, IMU receipts, TARI bills, municipality communications and any other files you choose to send us.
  • Payment data: transaction identifiers and payment status received from Stripe. We do not store full card numbers — these are handled directly by Stripe.
  • Communication data: messages you send us through the contact form or by email.
  • Technical data: IP address, browser/device information, and cookie/consent state (see our Cookie Policy).
  • Newsletter data: email address, name and consent timestamp, only if you explicitly opt in.

4. Why we process it (legal bases)

  • Contract (Art. 6(1)(b) GDPR): to provide the service you purchased — IMU calculations, tax reviews, document handling and customer support.
  • Legal obligation (Art. 6(1)(c)): invoicing, tax and accounting records under Italian law.
  • Legitimate interest (Art. 6(1)(f)): security, fraud prevention, internal recordkeeping and improving our service.
  • Consent (Art. 6(1)(a)): newsletter subscription and any non-essential cookies.

5. Document handling

Documents you upload (e.g. visure catastali, IMU/TARI receipts) are stored in a private, access-controlled bucket on Lovable Cloud / Supabase infrastructure hosted in the EU. Access is strictly limited to TaxArt staff who need them to deliver your service. We do not share these documents with third parties for marketing and we do not use them to train AI models.

Documents and the related order record are retained for the period required by Italian fiscal law (typically up to 10 years for tax-related records) and then deleted or anonymised.

6. Payment processing

Payments are processed by Stripe (Stripe Payments Europe, Ltd.) acting as an independent Data Controller for payment data. When you check out, your card details are submitted directly to Stripe over an encrypted connection. We only receive a transaction reference, the amount and the payment status. Stripe's privacy notice is available at stripe.com/privacy.

7. Service providers (processors)

We use a small number of trusted providers to operate TaxArt:

  • Supabase / Lovable Cloud — EU-hosted database, authentication and document storage.
  • Stripe — payment processing.
  • Email delivery providers — transactional emails (order confirmations, completed calculations) and, only with consent, the newsletter.
  • Hosting / CDN — to serve the website.

Each provider acts under a data processing agreement and is bound to use your data only for the purpose of providing their service to us.

8. International transfers

We keep personal data within the European Economic Area (EEA) wherever possible. Where a provider operates outside the EEA, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

9. How long we keep data

  • Orders and uploaded documents: for the period required by Italian fiscal/tax law (typically up to 10 years).
  • Contact-form messages: up to 24 months after the last interaction.
  • Newsletter subscriber data: until you unsubscribe or request deletion.
  • Cookie consent record: stored locally on your device until you reset it.

10. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure ("right to be forgotten"), subject to legal retention obligations.
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time (e.g. unsubscribe from the newsletter or change cookie preferences).
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, garanteprivacy.it).

To exercise any of these rights, email hello@taxart.it. We will respond within one month.

11. Security

We use TLS encryption in transit, encrypted storage at rest, role-based access controls, and strict service-role separation. Despite our safeguards, no transmission over the internet can be guaranteed 100% secure.

12. Children

TaxArt is not directed at children and we do not knowingly collect personal data from anyone under 16.

13. Changes to this policy

We may update this policy from time to time. The "last updated" date above reflects the latest revision. Material changes will be communicated via the website and, where appropriate, by email.