Privacy Policy

Last updated: April 28, 2026

This privacy notice is issued under Article 13 of Regulation (EU) 2016/79 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Italian "Privacy Code").

Data controller

This website ("SbortzTech") is a personal portfolio operated by Riccardo Bortolotto, an independent content creator based in Vicenza, Italy, who acts as data controller for personal data collected through this site. For any privacy-related request you can reach us at sbortztech@gmail.com.

No Data Protection Officer (DPO) has been appointed because the conditions set out in Article 37 GDPR are not met.

What data we collect

We only process the minimum amount of data required to keep the site running, prevent abuse, and understand how visitors interact with it. Specifically:

Technical browsing data — when you visit the site, our processors (Google Firebase Hosting, Firestore, App Check and the public CDNs listed below) transiently process your IP address, User-Agent and timestamp as part of standard HTTP server logs, solely for security, anti-abuse and diagnostic purposes. The controller does not store or access these logs.
Pseudonymous visitor ID — a random identifier generated in your browser and stored in localStorage under the key sbortztech_vid. This is pseudonymous data (not directly identifying): it does not contain your name, email or IP, but persists until you clear site data. It is written only if you accept the consent banner.
Firebase Anonymous Auth UID — Firebase issues each visitor an anonymous session needed to authenticate Firestore requests via App Check. It is a technical identifier managed by Google, not linked to a personal account.
Firebase App Check token (reCAPTCHA Enterprise) — generated by Google to verify that requests come from a legitimate browser. It is an anti-bot token, not an advertising cookie.
Usage data — page views, unique visits per day, referrer domain, device category (desktop / mobile / tablet), scroll depth, section views, time spent on page, and clicks on links or buttons (element type, visible label, section). Collected only with your consent.
Contact form data — if you voluntarily submit the contact form, we collect the name, email and message you provide. Providing this data is optional, but without it we will be unable to reply to your enquiry.

The controller does not store IP addresses, precise location data or cross-site browsing history in its own systems, and does not perform cross-site tracking or advertising profiling.

Why we collect it (legal basis)

Consent (Art. 6(1)(a) GDPR and Art. 122 of the Italian Privacy Code) — for first-party analytics and the storage of the pseudonymous visitor ID in your browser. Consent is collected via the banner shown on first visit and may be withdrawn at any time (see "Your rights").
Legitimate interest of the controller (Art. 6(1)(f) GDPR) — for Firebase App Check / reCAPTCHA Enterprise and for the technical logs of our processors, in order to protect the site against automated abuse and attacks. The legitimate interest is balanced by using only data strictly necessary for security, by short retention, and by the absence of any marketing purpose. A Legitimate Interest Assessment (LIA) is available on written request.
Pre-contractual measures taken at your request (Art. 6(1)(b) GDPR) — when you submit the contact form, your data is processed solely to reply to your message.

The controller does not carry out automated decision-making or profiling under Art. 22 GDPR.

How long we keep it

Pseudonymous visitor ID and analytics: the ID is kept in your browser for up to 13 months after your last visit or until you clear site data; server-side aggregated statistics are retained for historical purposes in cumulative form.
Firebase Anonymous Auth session and App Check tokens: expire automatically within 1 hour of the last request and are silently refreshed; they are not retained server-side.
Contact form messages: kept for as long as needed to handle the conversation and in any case no longer than 24 months, save extension for legal-defence purposes (Art. 2946 of the Italian Civil Code). Deleted earlier on request.

Third-party services (data processors)

To deliver the site we rely on the following entities, appointed as data processors under Art. 28 GDPR. Each operates in accordance with its own privacy policy:

Google Firebase / Google LLC (Hosting, Firestore, Authentication, App Check, reCAPTCHA Enterprise) — infrastructure, analytics storage, anonymous authentication and bot protection. Also loads resources from gstatic.com, firestore.googleapis.com, firebaseappcheck.googleapis.com and googleapis.com. Firebase privacy · Google privacy.
EmailJS Inc. — delivers contact form messages to our inbox. EmailJS privacy.
jsDelivr, unpkg, cdnjs — public CDNs that serve third-party JavaScript libraries (GSAP, Lenis, Three.js, EmailJS SDK). These may log your IP as part of standard HTTP server logs. jsDelivr privacy.
Unsplash Inc. — when some product cards do not have a custom image, an image is loaded directly from images.unsplash.com. Unsplash receives the visitor's IP as part of the standard HTTP request. Unsplash privacy.

The controller has signed Data Processing Agreements (DPAs) under Art. 28 GDPR with each of the above processors.

Cookies and local storage

This site does not use advertising, profiling or cross-site tracking cookies. It uses only the following browser-side storage technologies:

sbortztech_consent (localStorage) — technical, always active: records your choice on the banner ("accept" / "reject") so it is not shown on every visit.
sbortztech_vid (localStorage) — analytics, consent-based: pseudonymous visitor ID, written only after "Accept".
_ejsLast, _ejsSendCt (localStorage) — technical, always active: contact form rate-limiter, written only if you submit a message, to prevent spam.
_swKilled (sessionStorage) — technical, always active: flag that prevents repeated reloads while obsolete service workers are being uninstalled.
IndexedDB firebaseLocalStorageDb — technical, always active: managed automatically by the Firebase SDK to store the anonymous session and App Check tokens; required for the site to function.

You can withdraw your consent or change your choice at any time by clicking "Privacy settings" in the site footer, or by manually clearing all data from your browser's settings (Site data → Clear).

Affiliate links

This site contains affiliate links to the following partner brands: Wallhack, IQUNIX and WLmouse. If you purchase a product through one of these links we may earn a commission, at no additional cost to you. Affiliate relationships do not influence the editorial content of this site — recommendations are based on personal use. A visible disclosure is provided directly in the "Collaborations & Affiliations" section of the homepage, in accordance with AGCM Digital Chart 2.0 and the Italian "Linee guida sulla comunicazione commerciale diffusa sui social media" (January 2024).

International data transfers

Some of our processors are based outside the European Economic Area — primarily Google LLC (Firebase Hosting, Firestore, Authentication, App Check, reCAPTCHA) and EmailJS Inc., both based in the United States. When data leaves the EEA, the transfer is protected by one of the safeguards listed in Chapter V GDPR (Artt. 44–49):

the EU–U.S. Data Privacy Framework adequacy decision adopted by the European Commission on 10 July 2023, to which Google LLC is self-certified;
the Standard Contractual Clauses (SCCs — Commission Decision 2021/914) incorporated into the processors' data processing agreements, together with supplementary technical measures (encryption in transit and at rest).

You can review each processor's transfer safeguards in their privacy policies linked above.

Your rights

Under Articles 15–22 GDPR and the Italian Privacy Code you have the right to:

access your personal data and obtain a copy (Art. 15);
rectify inaccurate or incomplete data (Art. 16);
erase your data ("right to be forgotten", Art. 17);
restrict processing in case of dispute (Art. 18);
obtain portability of your data in a structured format (Art. 20);
object to processing based on legitimate interest (Art. 21);
withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7(3) GDPR). For analytics you can do this by clicking "Privacy settings" in the footer and selecting "Reject".

To exercise these rights, email sbortztech@gmail.com. Requests will be answered within one month (extendable by two months for complex requests, under Art. 12(3) GDPR) and free of charge, unless they are manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome) or with another competent supervisory authority.

Changes to this policy

We may update this policy from time to time to reflect legal or operational changes. The date at the top of this page reflects the most recent revision. In case of substantive changes, your consent will be requested again on your next visit.

Questions? sbortztech@gmail.com