Privacy Policy

Last updated: October 19, 2025

1. Data Controller

Company: ClimbAI
Location: Italy
Contact: edoardobianchi98@gmail.com
Website: https://climbai.whiteapp.cloud

2. What Data We Collect

2.1 Waitlist Data (Directly Provided by You)

When you join our waitlist, we collect:

• Email address (required) - to notify you about our launch
• Name (required) - for personalized communication
• Age (required) - to ensure you meet our 18+ age requirement
• Bouldering level (required) - to understand our user base and tailor the product
• Gender (required) - for demographic analysis to improve our product for all climbers

2.2 Analytics Data (Automatically Collected)

When you visit our website, if you consent to analytics cookies, we collect:

• IP address (anonymized) - to understand geographic distribution
• Browser type and version - to ensure compatibility
• Device information (desktop/mobile, screen size) - to optimize user experience
• Pages visited and time spent - to understand user behavior
• Referral source (how you found us) - to improve marketing
• Interactions with page elements (clicks, scrolls) - to optimize design

Note: We do NOT collect personally identifiable information through analytics.

2.3 Age Requirement

Our service is only available to users 18 years of age or older. By submitting the waitlist form, you confirm that you are at least 18 years old. If we discover that we have collected data from someone under 18, we will delete it immediately.

3. Legal Basis for Processing (GDPR)

3.1 Waitlist Data

We process your personal data based on your explicit consent (Article 6(1)(a) GDPR), which you provide by:

• Voluntarily submitting the waitlist form
• Checking the required GDPR consent checkbox

3.2 Analytics Data

We process analytics data based on your explicit consent (Article 6(1)(a) GDPR), obtained through our cookie consent banner. You can:

• Accept analytics cookies (enabling Google Analytics)
• Decline analytics cookies (Google Analytics will not load)
• Withdraw consent at any time by clearing your browser data

3.3 Special Category Data

Gender may be considered special category data under some interpretations. We collect this information:

• Purpose: To understand demographics and ensure our product serves all climbers equitably
• Legal basis: Your explicit consent (Article 9(2)(a) GDPR)
• You can: Select "Prefer not to say" or withdraw consent at any time

4. How We Use Your Data

4.1 Waitlist Data

We use your personal data exclusively for:

• Sending launch notification: One email when ClimbAI is ready (primary purpose)
• Demographic analysis: Understanding our audience to build a better product (age, level, gender statistics)
• Service improvement: Analyzing waitlist trends to prioritize features

4.2 Analytics Data

We use Google Analytics data to:

• Understand user behavior: Which pages are most visited, how long users stay
• Improve website performance: Identify slow-loading pages or broken links
• Optimize user experience: Test different layouts and content
• Measure marketing effectiveness: Understand where visitors come from

We will NOT:

• Sell your data to third parties
• Send marketing emails beyond the launch notification (unless you opt-in separately when we launch)
• Share your data except as described in this policy
• Combine analytics data with personally identifiable information from the waitlist

5. Data Processors & Third Parties

5.1 Mailchimp (Email Service Provider)

We use Mailchimp (The Rocket Science Group LLC, USA) to:

• Store your waitlist data
• Send the launch notification email
• Manage unsubscribe requests

International Data Transfer

Mailchimp is based in the United States. Your data is transferred outside the EU/EEA under:

• EU Standard Contractual Clauses (SCCs) - approved by the European Commission
• Mailchimp's GDPR commitment: Data Processing Addendum
• Additional safeguards: Encryption, access controls, regular security audits

Learn more: Mailchimp Privacy Practices

5.2 Google Analytics (Website Analytics)

We use Google Analytics (Google LLC, USA) to analyze website usage. Google Analytics:

• Sets cookies on your device to track behavior across sessions
• Processes data in the USA (with EU-US Data Privacy Framework certification)
• Provides aggregated reports - we only see anonymized statistics, not individual users

GDPR Safeguards We've Implemented

• IP Anonymization: Your IP address is anonymized before processing
• No cross-device tracking: We don't link your activity across devices
• No personalized advertising: We don't use Google's advertising features
• Data retention: Analytics data is automatically deleted after 14 months
• Consent required: Google Analytics only loads if you accept cookies

International Data Transfer

Google Analytics transfers data to the USA under:

• EU-US Data Privacy Framework - Google is certified under this framework
• Google's Data Processing Terms: Google Ads Data Processing Terms
• Standard Contractual Clauses - as additional safeguard

Learn more: Google Privacy Policy | Google Analytics Security

8. Cookies & Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to remember your preferences and understand how you use the site.

8.2 Cookies We Use

Our website uses the following types of cookies:

Cookie Name	Type	Purpose	Duration	Provider
cookieConsent	Strictly Necessary	Stores your cookie consent choice (accept/decline)	1 year	ClimbAI (localStorage)
_ga	Analytics	Distinguishes unique users	2 years	Google Analytics
_gid	Analytics	Distinguishes unique users (short-term)	24 hours	Google Analytics
_gat	Analytics	Throttles request rate	1 minute	Google Analytics

8.3 Cookie Categories

Strictly Necessary Cookies

These cookies are essential for the website to function and remember your cookie preferences. They cannot be disabled.

• cookieConsent: Remembers whether you accepted or declined analytics cookies

Analytics Cookies (Requires Consent)

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

• Google Analytics cookies (_ga, _gid, _gat): Track page views, session duration, bounce rate, and referral sources
• Purpose: Improve website performance and user experience
• Data processed: Anonymized IP, browser info, pages visited, time on site

8.4 Managing Your Cookie Preferences

Via Our Cookie Banner

When you first visit our website, you'll see a cookie consent banner. You can:

• Accept: Allow Google Analytics cookies
• Decline: Block Google Analytics (only strictly necessary cookies will be used)
• Learn More: Read this privacy policy

Via Your Browser

You can control and delete cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions

Note: Blocking cookies may affect website functionality.

Via Google Analytics Opt-Out

You can opt-out of Google Analytics across all websites by installing:

• Google Analytics Opt-out Browser Add-on: Download here

8.5 Third-Party Analytics

Google Analytics may set additional cookies for:

• Cross-site tracking (disabled on our site)
• Demographics and interests (disabled on our site)
• Remarketing (disabled on our site)

We have configured Google Analytics to respect your privacy by:

• Anonymizing IP addresses
• Disabling advertising features
• Disabling data sharing with Google
• Requiring explicit consent before loading

8.6 Do Not Track (DNT)

Some browsers support "Do Not Track" (DNT) signals. When DNT is enabled:

• Our website respects DNT signals
• If you decline cookies or enable DNT, Google Analytics will not load

6. Data Retention

6.1 Waitlist Data

We retain your waitlist data:

• Until you unsubscribe from the waitlist, OR
• 6 months after product launch (whichever comes first)

After this period, your data is permanently deleted from both our records and Mailchimp's systems, unless we have a legal obligation to retain it longer.

6.2 Analytics Data

Google Analytics data is:

• Automatically deleted after 14 months
• Anonymized: Cannot be traced back to individual users
• Aggregated: Only statistical reports are accessible to us

6.3 Cookie Data

Cookies are stored on your device and expire as follows:

• cookieConsent: 1 year (or until you clear browser data)
• Google Analytics cookies: 24 hours to 2 years (see cookie table above)

7. Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

7.1 Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

7.2 Right to Rectification (Art. 16)

Correct any inaccurate or incomplete data.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

Request deletion of your data at any time by:

• Clicking "unsubscribe" in any email from us
• Emailing us at edoardobianchi98@gmail.com
• Clearing your browser cookies (for analytics data)

7.4 Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format (CSV/JSON).

7.5 Right to Object (Art. 21)

Object to processing of your data:

• Waitlist data: Unsubscribe from the waitlist
• Analytics data: Decline cookies or opt-out of Google Analytics

7.6 Right to Restriction of Processing (Art. 18)

Request we limit how we use your data while resolving your concerns.

7.7 Right to Withdraw Consent (Art. 7(3))

Withdraw your consent at any time:

• Waitlist: Click unsubscribe in any email
• Analytics: Clear cookies or use Google's opt-out tool

Withdrawal does not affect prior lawful processing.

7.8 How to Exercise Your Rights

Contact us at: edoardobianchi98@gmail.com

We will respond within 30 days (may extend to 60 days for complex requests).

7.9 Right to Lodge a Complaint

If you believe we're not complying with GDPR, contact your local data protection authority:

• Italy: Garante per la protezione dei dati personali - www.garanteprivacy.it
• EU List: EU Data Protection Authorities

9. Data Security

We protect your data using:

• HTTPS encryption for data transmission
• Mailchimp's security infrastructure: SOC 2 certified, encrypted storage
• Google's security measures: Industry-leading data centers, encryption at rest and in transit
• Access controls: Only authorized personnel can access waitlist data
• Regular security reviews
• Cookie consent mechanism: Analytics only load with explicit permission

Note: No method of transmission over the Internet is 100% secure. While we use commercially reasonable measures, we cannot guarantee absolute security.

10. Automated Decision-Making

We do NOT use automated decision-making or profiling (Article 22 GDPR).

11. Third-Party Links

Our website may contain links to:

• YouTube (demo video)
• Mailchimp's terms and privacy policy
• Google's privacy policy and terms

We are not responsible for the privacy practices of these third parties. Please review their policies separately.

12. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at edoardobianchi98@gmail.com, and we will delete such information.

13. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in data processing practices
• New legal requirements
• Product feature additions
• New tracking technologies

We will notify you by:

• Updating the "Last updated" date at the top
• Sending an email if changes are material
• Posting a notice on our website
• Re-requesting consent if required by law

Continued use after changes constitutes acceptance of the new policy.

14. Contact & Data Protection Officer

For any privacy-related questions, concerns, or to exercise your rights:

• Email: edoardobianchi98@gmail.com
• Subject line: "Privacy Request - ClimbAI"

We aim to respond within 24-48 hours (legal maximum: 30 days).

15. Legal Framework

This Privacy Policy complies with:

• EU General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
• Italian Data Protection Code - Legislative Decree 196/2003 (as amended)
• ePrivacy Directive - Directive 2002/58/EC (Cookie Law)
• EU-US Data Privacy Framework - for international data transfers

---

← Back to ClimbAI | Contact Us