PlatformHeroPlatformHero

Privacy Policy

Last updated: March 4, 2026

1. Data Controller

The data controller is DSC Group Srl, with registered office in Lonate Pozzolo (VA), Italy. For any questions regarding this policy, you can contact us at info@dsc-group.net.

2. Data We Collect

We collect the following categories of personal data:

  • Contact information — name, email address, company name, and message content submitted through the contact form.
  • Account data — email address and encrypted password for partner portal and owner console accounts.
  • Usage data — AI model usage, token counts, and workspace activity logs for billing and service optimization.
  • Technical data — IP address, browser type, operating system, and access timestamps collected automatically through server logs.

3. Purpose of Processing

We process your personal data for the following purposes:

  • Responding to demo requests and contact form inquiries.
  • Providing and maintaining the PlatformHero service, including SaaS and on-premise deployments.
  • Managing partner and client relationships, licensing, and billing.
  • Improving our platform, troubleshooting issues, and analyzing usage patterns.
  • Complying with legal obligations and protecting our legitimate interests.

4. Legal Basis

We process your data based on: (a) your consent when you submit the contact form; (b) the performance of a contract when you use our services; (c) our legitimate interest in improving and securing our platform; and (d) compliance with legal obligations under applicable law, including the EU General Data Protection Regulation (GDPR).

5. Data Retention

Contact form submissions are retained for up to 24 months. Account data is retained for the duration of the business relationship and for up to 10 years thereafter as required by Italian tax and accounting regulations. Usage and technical logs are retained for up to 12 months.

6. Data Sharing

We do not sell your personal data. We may share data with: (a) cloud infrastructure providers (Microsoft Azure) for service hosting; (b) AI model providers when you use their models through PlatformHero — only the prompts and content you submit; (c) authorized partners for client management purposes; and (d) authorities when required by law.

7. International Transfers

Your data may be transferred to countries outside the European Economic Area (EEA) when using third-party AI providers. Such transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as applicable. On-premise deployments keep all data within your own infrastructure.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate data.
  • Request erasure of your data ("right to be forgotten").
  • Restrict or object to the processing of your data.
  • Request data portability in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

To exercise any of these rights, contact us at info@dsc-group.net.

9. Security

We implement appropriate technical and organizational measures to protect your data, including AES encryption at rest for credentials, JWT-based authentication, RBAC access controls, rate limiting, and encrypted HTTPS connections.

10. Changes to This Policy

We may update this privacy policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page. We encourage you to review this policy periodically.