Privacy Policy

Last updated: January 12, 2026

Data Controller & Contact

Didaflow Srl

C.F. e P. Iva: 04337201208

Via Pietralata 16 – 40122 Bologna, Italy

Data we collect

Contact & account data

  • First and last name
  • Email address
  • Phone number (optional)
  • Organization affiliation

Usage & platform data

  • Access logs and platform usage history
  • IP address and approximate geolocation
  • Browser and device information
  • Navigation data and interaction metrics

Educational data

For client institutions, we process aggregated and anonymized data:

  • Academic performance statistics
  • Enrollment, progression, and retention rates
  • Engagement and learning activity measures

Purpose & legal basis

Service delivery

Providing Academic & Training Intelligence services

Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
Communications & support

Responding to requests, technical support, and updates

Legal basis: Legitimate interest or consent (Art. 6(1)(f) GDPR)
Service improvement

Platform analysis and optimization

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Legal compliance

Fulfilling regulatory and tax obligations

Legal basis: Compliance with law (Art. 6(1)(c) GDPR)

Data sharing & partners

We share data with trusted partners when necessary:

  • Technology providers: Cloud hosting and infrastructure partners
  • Academic partners: Collaborating institutions per agreement
  • Legal authorities: When required by law

All partners comply with GDPR and sign data processing agreements.

International data transfers

Data is processed primarily in the EU. International transfers use Standard Contractual Clauses or adequacy decisions approved by the European Commission.

Data retention periods

Contact dataUntil withdrawal
Contractual data10 years post-contract
System logs12 months max
Aggregated / anonymous dataNo limit

Your data rights (GDPR)

Right to access

Know what data we hold about you

Right to rectification

Correct inaccurate data

Right to erasure

Request deletion of your data

Right to restriction

Limit how we process your data

Right to portability

Get your data in a standard format

Right to object

Oppose certain processing activities

Withdraw consent

Remove given permissions anytime

Lodge a complaint

Report to your data protection authority

Exercise your rights: privacy@didaflow.com

Security measures

We implement industry-leading security practices:

  • TLS encryption in transit, AES-256 at rest
  • Role-based access controls (RBAC)
  • 24/7 monitoring and intrusion detection
  • Automated backups and disaster recovery
  • Regular security audits and penetration testing
  • Team data protection training

Cookies & tracking

We use technical and analytical cookies to improve your experience.

For details, see our Cookie Policy.

Policy updates

This Privacy Policy may change to reflect legal or operational updates. We will notify you of significant changes via email. Continued use means you accept the new terms.