PIRIDI
PIRIDI
Privacy Policy

Last updated: June 29, 2026

This Privacy Policy explains how PIRIDI (piridi.net) collects, uses, and protects personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

1. Data Controller

The data controller responsible for processing your personal data is:

Piero Berni Millet

Platform: PIRIDI — piridi.net

Contact: [email protected]

2. Data We Collect
a) Account data (provided by you at registration)
  • Full name
  • Email address
  • Institutional or academic affiliation
  • Password (stored as a cryptographic hash — never in plaintext)
b) Technical and usage data (collected automatically)
  • IP address (for security and anti-spam purposes)
  • Browser type and version
  • Pages visited and timestamps
  • Session identifiers
c) Research contributions (provided by you)

Academic data you enter on the platform: inscriptions, artefacts, findspot records, prosopographic entries, bibliographic references, images, and comments. This data forms the core content of PIRIDI and is associated with your account in the activity log.

d) Analytics data (collected via cookies)

Aggregated usage statistics collected through Google Analytics via Cloudflare proxy. See Section 5 (Cookies) for details.

3. Purposes and Legal Bases

We process your data for the following purposes and on the following legal bases under GDPR art. 6:

Purpose Legal basis
Account management and authentication Contract performance — art. 6(1)(b)
Providing platform services Contract performance — art. 6(1)(b)
Security, spam, and fraud prevention Legitimate interest — art. 6(1)(f)
Attribution of research contributions Legitimate interest — art. 6(1)(f)
Platform analytics and improvement Consent — art. 6(1)(a)
Transactional emails (email verification, notifications) Contract performance — art. 6(1)(b)
4. Data Processors (Third Parties)

We share data with the following processors, each bound by GDPR-compliant data processing agreements:

Processor Purpose Location
DigitalOcean Server hosting AMS3, Amsterdam, Netherlands (EU)
Amazon Web Services (S3) File and image storage eu-west-3, Paris, France (EU)
Google Analytics (via Cloudflare) Usage analytics Google LLC, USA (SCCs apply — see §6)
Cloudflare CDN, proxy, and security Global network
Amazon SES (Simple Email Service) Transactional email delivery Amazon Web Services, Inc., USA (SCCs apply — see §6)
5. Cookies

PIRIDI uses two categories of cookies:

Cookie Category Purpose Duration
laravel_session Strictly necessary Maintains your authenticated session Session
XSRF-TOKEN Strictly necessary Protects against Cross-Site Request Forgery (CSRF) attacks Session
_ga, _gid Analytics Distinguishes users for Google Analytics 2 years / 24 h
_gcl_au Analytics Conversion tracking via Google 90 days

Strictly necessary cookies do not require consent and are essential for the platform to function. Analytics cookies require your consent. You can opt out of Google Analytics tracking at any time via your browser settings or using the Google Analytics opt-out browser add-on.

6. International Data Transfers

Data processed by Google Analytics and Amazon SES is transferred to the United States — to Google LLC and Amazon Web Services, Inc. respectively. These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission pursuant to GDPR art. 46(2)(c), ensuring an adequate level of protection for your personal data.

Cloudflare may route traffic through servers outside the EU/EEA as part of its global network. Data is processed in accordance with Cloudflare's GDPR commitments and SCCs. Our server hosting (DigitalOcean AMS3) and file storage (AWS S3 eu-west-3) are located within the EU and do not involve international transfers.

7. Data Retention
  • Account data: retained until you request account deletion.
  • Security logs (IP addresses): 30 days.
  • Analytics data: 14 months (Google Analytics default retention setting).
  • Research contributions: retained indefinitely as part of the academic database; they may be anonymised upon account deletion, but cannot be fully removed if they have been cited or incorporated into the scientific record.
8. Your Rights

Under GDPR (arts. 15–22) you have the following rights:

  • Right of access (art. 15) — Obtain a copy of your personal data.
  • Right to rectification (art. 16) — Correct inaccurate or incomplete data.
  • Right to erasure (art. 17) — Request deletion of your personal data ("right to be forgotten").
  • Right to data portability (art. 20) — Receive your data in a structured, machine-readable format.
  • Right to restriction of processing (art. 18) — Request that we limit how we use your data.
  • Right to object (art. 21) — Object to processing based on legitimate interest.
  • Right to withdraw consent (art. 7(3)) — Withdraw your consent for analytics cookies at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Supervisory Authority
You also have the right to lodge a complaint with the Spanish Data Protection Authority:
Agencia Española de Protección de Datos (AEPD)
www.aepd.es — C/ Jorge Juan, 6, 28001 Madrid, Spain
9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including:

  • Encrypted data transmission via HTTPS/TLS.
  • Cryptographic hashing of passwords (never stored in plaintext).
  • Access controls restricting data access to authorised personnel only.
  • Regular security monitoring of the platform infrastructure.
10. Children's Data

PIRIDI is an academic research platform intended for researchers and students aged 16 or over. We do not knowingly collect personal data from persons under 16. If you believe that a person under 16 has registered, please contact us at [email protected] so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Registered users will be notified of material changes by email. The date at the top of this page indicates the last revision. We encourage you to review this page periodically.

12. Contact

For all data protection matters, or to exercise your rights, please contact: [email protected].