Privacy Policy
Last updated: June 25, 2026
This Privacy Policy explains how Dentoku Dev ("we", "us", the "Company") collects, uses, shares and protects your personal data when you visit shipveryfast.dev (the "Site") or purchase ShipVeryFast (the "Product"). We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR"), applicable Italian data protection law, and, for residents of the United States, applicable US state privacy laws such as the California Consumer Privacy Act as amended (the "CCPA").
1. Definitions
- Personal data means any information relating to an identified or identifiable individual.
- Processing means any operation performed on personal data, such as collection, storage, use, disclosure or deletion.
- Controller means the party that decides why and how personal data is processed. For the Site and the sale of the Product, that is us.
- Processor (or sub-processor) means a third party that processes personal data on our behalf and under our instructions.
- You means the visitor or customer whose personal data we process.
2. Data controller
The data controller is Dentoku Dev, Via Bullona 8, Milan, Italy (VAT no. IT13625480960). For any privacy matter, including the exercise of your rights, you can contact us at support@shipveryfast.dev.
3. Personal data we collect
We collect only the data we need to run the Site, sell and deliver the Product, and support you:
- Order data: your name, email address, billing country and purchase metadata, collected by our payment provider (Stripe) when you check out. We never receive or store your full card number.
- Delivery data: the GitHub username you provide so we can grant you access to the private repository.
- Support data: the contents of any message you send us and the email address you send it from.
- Technical and usage data: IP address, browser and device type, approximate region and pages viewed, collected through privacy-friendly, aggregate analytics and standard server logs used for security.
We do not knowingly collect special categories of data (such as health, biometric or political data) or, for US residents, sensitive personal information.
4. How we collect it
- Directly from you, when you check out, provide your GitHub username or contact support.
- Automatically, through aggregate analytics and server logs when you use the Site.
- From our providers, such as Stripe, which shares order metadata with us after a successful payment.
5. Why we use it and our legal bases
- To process your order, deliver the Product and provide updates and support, on the basis of the performance of our contract with you (GDPR Art. 6(1)(b)).
- To keep our Site and systems secure, prevent fraud and improve the Product, on the basis of our legitimate interests (GDPR Art. 6(1)(f)).
- To meet tax, accounting and other legal obligations (GDPR Art. 6(1)(c)).
- Where required, on the basis of your consent (GDPR Art. 6(1)(a)), which you may withdraw at any time.
We do not sell your personal data, we do not share it for cross-context behavioural advertising, and we do not use it for automated decision-making or profiling that produces legal or similarly significant effects.
6. Artificial intelligence and model training
The Product ships with an optional AI engine that connects to third-party AI providers (such as Anthropic and OpenAI). The Site may also use AI to help answer support questions. In line with the EU AI Act, we want to be transparent about this:
- No training on your data. We do not use your personal data to train AI models, and we instruct our AI providers not to use data we send them to train their models.
- Transparency. Where you interact with an AI feature, it is identified as such so you always know when you are dealing with an automated system.
- Your responsibility when you build. The AI engine in the Product is a tool. When you deploy AI features in your own application, you act as the provider or deployer of that AI system and are responsible for your own compliance with the EU AI Act and other applicable law.
7. Cookies and analytics
We use only strictly necessary cookies required to operate the Site and complete checkout, and privacy-friendly analytics that rely on aggregate data without cross-site tracking. Because these are essential or anonymous, they do not require consent. If we ever introduce non-essential cookies, we will ask for your consent first. You can also block or delete cookies through your browser settings.
8. Service providers and sub-processors
We share personal data only with providers that process it on our behalf under a data processing agreement, and only to the extent needed to provide their service to us:
| Provider | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Stripe | Payments and checkout | USA, Ireland | EU-US Data Privacy Framework, Standard Contractual Clauses |
| Mailgun (Sinch) | Transactional and order emails | USA | Standard Contractual Clauses |
| Vercel | Website hosting and delivery | USA | EU-US Data Privacy Framework, Standard Contractual Clauses |
| GitHub (Microsoft) | Source code delivery and repository access | USA | EU-US Data Privacy Framework, Standard Contractual Clauses |
We may also disclose personal data where required by law, to comply with a legal obligation, or to protect our rights, property or safety and that of others.
9. International data transfers
Some providers are based outside the European Economic Area, mainly in the United States. Where that is the case, transfers are protected by an adequacy decision, the EU-US Data Privacy Framework, or the European Commission's Standard Contractual Clauses, together with appropriate technical and organisational safeguards.
10. How long we keep it
We keep order and invoicing data for as long as required by tax and accounting law (generally ten years in Italy). Support messages are kept only for as long as needed to handle your request and a reasonable period afterwards. Other personal data is kept only for as long as necessary for the purposes above, after which it is deleted or anonymised.
11. Security
We protect personal data with appropriate technical and organisational measures, including encryption in transit (TLS), access controls, data minimisation, and reliance on PCI-DSS compliant providers for payments so that we never store your card details. No method of transmission or storage is completely secure, so while we work hard to protect your data we cannot guarantee absolute security.
12. Your rights under the GDPR
Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to processing based on our legitimate interests, and to withdraw any consent you have given. To exercise these rights, email support@shipveryfast.dev. We respond within one month and may need to verify your identity first. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, garanteprivacy.it) or your local supervisory authority.
13. US state privacy rights
California residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of your personal information, to request correction of inaccurate information, and to be free from discrimination for exercising these rights. The categories we collect are described in section 3 (identifiers, commercial information and internet or network activity).
We do not sell your personal information and we do not share it for cross-context behavioural advertising, and we do not collect sensitive personal information. To submit a request, email support@shipveryfast.dev; you may use an authorised agent, and we will verify the request before acting on it.
Other US states
Residents of other US states with comprehensive privacy laws may have similar rights to access, correct, delete or obtain a copy of their personal data, and to opt out of sale or targeted advertising. Since we do not sell or target, you can exercise any available right by emailing us at the address above.
14. Children
The Product is intended for professional use and is not directed to children. We do not knowingly collect data from anyone under 16 (or under 13 in the United States). If you believe a child has provided us with personal data, contact us and we will delete it.
15. Links to other sites
The Site and Product may link to third-party websites and services that we do not control. This Policy does not apply to them, and we are not responsible for their privacy practices. Please review their policies before providing them with personal data.
16. Changes
We may update this Policy from time to time. We will post the revised version here with a new "Last updated" date and, where the change is significant, take reasonable steps to notify you.
17. Contact
For any privacy question, or to send a formal request, email support@shipveryfast.dev or write to Dentoku Dev, Via Bullona 8, Milan, Italy.