Legal

Privacy Policy

Last updated: May 23, 2026

Contents

1. Data Controller

The data controller for personal data collected through firedesk.co is:

FIREDesk
Italy
Email: privacy@firedesk.co

For any privacy-related request, please contact us at the email above.

2. Data We Collect

2.1 Data you provide directly

  • Email address — when you subscribe to the newsletter or create an account
  • Payment information — processed by Stripe (we never store your card details directly)
  • Telegram user ID — if you connect our Telegram bot to receive signals

2.2 Data collected automatically

  • IP address — for security and fraud prevention
  • Browser type and device — for analytics and compatibility
  • Pages visited and time spent — to improve the service
  • Referral source — to understand how users find us

2.3 Data we do NOT collect

  • We do not collect sensitive data (health, political opinions, biometrics)
  • We do not collect data on minors under 16
  • We do not store full payment card numbers — Stripe handles all payment data

3. Purposes & Legal Basis

  • Service delivery — sending daily SPY options signals via email and Telegram.
    Legal basis: contract performance (Art. 6(1)(b) GDPR)
  • Billing & subscription management — processing payments, invoices, refunds.
    Legal basis: contract performance (Art. 6(1)(b) GDPR)
  • Newsletter & marketing emails — educational content, product updates.
    Legal basis: consent (Art. 6(1)(a) GDPR) — you may unsubscribe at any time
  • Analytics & service improvement — understanding usage patterns to improve FIREDesk.
    Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Legal compliance — complying with applicable laws and regulations.
    Legal basis: legal obligation (Art. 6(1)(c) GDPR)

4. Data Retention

  • Account & subscription data — retained for the duration of the subscription + 2 years after cancellation (legal/accounting obligations)
  • Newsletter subscribers — retained until you unsubscribe
  • Payment records — retained for 10 years (Italian tax law requirements)
  • Analytics data — retained for 12 months in aggregated, anonymized form
  • Support communications — retained for 3 years

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following trusted processors:

Stripe (Payment processing)

Stripe, Inc. processes all payment transactions. Your card data is handled exclusively by Stripe under their own privacy policy: stripe.com/privacy

Google Firebase (Infrastructure)

Our backend, database, and authentication run on Google Firebase (Google Cloud Platform). Data is stored in European data centers where possible. Privacy policy: firebase.google.com/support/privacy

Resend (Email delivery)

Transactional and newsletter emails are sent via Resend. Privacy policy: resend.com/legal/privacy-policy

Telegram (Signal delivery)

If you choose to connect via Telegram, your Telegram user ID is stored to deliver signals. Telegram's privacy policy: telegram.org/privacy

Anthropic (AI features)

Some automated content features use Anthropic's Claude AI. No personal user data is sent to Anthropic — only anonymized, internal operational data.

6. International Data Transfers

Some of our processors (Stripe, Google, Resend) may process data outside the European Economic Area (EEA), in particular in the United States.

These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data Processing Agreements with each processor

7. Cookies & Tracking

FIREDesk uses a minimal set of cookies:

  • Essential cookies — required for authentication and session management. Cannot be disabled.
  • Analytics cookies — anonymized usage data to improve the service. You may opt out.

We do not use advertising cookies, third-party tracking pixels, or sell browsing data to advertisers.

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent for marketing emails at any time

To exercise any of these rights, email us at privacy@firedesk.co. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Italy: Garante per la Protezione dei Dati Personali.

9. Security

We take data security seriously and implement appropriate technical and organizational measures:

  • All data transmitted is encrypted in transit via TLS/HTTPS
  • Data at rest is encrypted by our cloud infrastructure (Google Firebase)
  • Payment data is never stored on our servers — handled exclusively by Stripe (PCI DSS compliant)
  • Access to production systems is restricted to authorized personnel only
  • We use Firebase Authentication and Stripe's security infrastructure

In the event of a data breach that affects your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

10. Minors

FIREDesk is intended for users aged 18 and over. We do not knowingly collect personal data from minors under 16. If you believe a minor has provided us with personal data, please contact us at privacy@firedesk.co and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by displaying a notice on our website at least 14 days before the changes take effect.

The date at the top of this page indicates when the policy was last updated. Continued use of FIREDesk after changes take effect constitutes acceptance of the updated policy.

12. Contact

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

FIREDesk
Email: privacy@firedesk.co
Website: firedesk.co

We aim to respond to all privacy requests within 30 days.

Disclaimer & Terms Privacy Policy Back to FIREDesk