Privacy policy - Metagate APP

Privacy Policy

Last updated: 04.03.2025

Metagate S.r.l., with its operational headquarters at Via Gallarate 112 - 20151 Milan and its legal headquarters at Via Giosuè Carducci 32 - 20123 Milan, as the Data Controller under the EU Regulation 2016/679 (GDPR), informs users about the methods and purposes of the processing of personal data carried out through the Metagate webapp (www.app.themetagate.it).

1. Type of data processed: Metagate collects and processes the following personal data:

  • Registration information: email address, data provided via Google, Facebook, Discord login.

  • Blockchain wallet information: exclusively the public wallet address (Metamask, Wallet Connect), used to identify the owned NFTs. No login via wallet takes place and no proprietary smart contracts are activated.

  • User-generated information: uploaded assets (png, jpg, glb, pdf, mp3, mp4 files), Google Drive link.

  • Avatars generated through ReadyPlayerMe and their related configurations.

  • Conversations with GPT assistants via OpenAI, limited to the content required for the operation of the service.

  • Privacy consents, marketing, terms and conditions.

2. Purpose of processing: The data is processed for:

  • Management and provision of the service;

  • User authentication management;

  • Archiving and viewing of digital assets;

  • Interactions with virtual assistants;

  • Direct marketing with explicit consent;

  • Anonymous usage statistics for the continuous improvement of the web app;

  • Possibility of selling anonymous usage data exclusively related to user tracking within mixed reality experiences.

3. Legal basis for processing: The treatment is based on:

  • Explicit consent provided by the user (art. 6, par. 1, lett. a GDPR);

  • Need to execute a contract to which the user is a party (art. 6, par. 1, lett. b GDPR);

  • Legal obligations to which the Data Controller is subject (art. 6, par. 1, lett. c GDPR).

4. Data processing methods and security: The data is primarily processed using IT and telematic tools, adopting appropriate security measures to ensure the protection and confidentiality of users' information:

  • Database hosted on Supabase with data encrypted in transit and at rest;

  • Automatic deletion of personal data in a cascading manner if the user deletes their account;

  • Separate and anonymous management of the table related to user tracking in mixed reality experiences;

  • Secure authentication via OAuth;

  • Management of consents through specific documentable and revocable checkboxes at any time;

  • Regular encrypted backups of personal data, stored securely and protected for timely recovery in case of an incident;

  • Incident management with timely notifications to the affected users and the competent Authority within 72 hours of detecting the incident.

5. Data retention period: Personal data will be retained as long as necessary for the purposes described and as long as the account is active. After the account is deleted, all associated personal data will be immediately deleted, except for anonymous data related to experience tracking.

6. Sharing and transfer of data: Metagate does not sell or transfer personal data to third parties for commercial purposes. It may share data with:

  • Cloud service providers (Supabase, Google Cloud);

  • Payment and invoicing services (Stripe);

  • Suppliers of AI and blockchain services (OpenAI, Metamask, Wallet Connect);

  • Competent authorities as provided by law.

Personal data will not be transferred outside the European Economic Area (EEA) except in compliance with the guarantees provided by the GDPR.

7. Minimum age required: The use of the Metagate web app is reserved exclusively for users who are at least 18 years old. By registering for the web app, the user declares that they have reached the age of majority.

8. User Rights: Users can exercise the rights provided by the GDPR:

  • Access, correction, and deletion of data;

  • Limitation or opposition to processing;

  • Withdrawal of consent (in particular for marketing and communications);

  • Data portability.

To exercise these rights, you can send a request to the email address: dpo@themetagate.it.

9. Complaints: Users have the right to file a complaint with the Data Protection Authority if they believe their rights have been violated.

10. Contacts: Metagate S.r.l.
Operational Headquarters: Via Gallarate 112 - 20151 Milan
Legal Headquarters: Via Giosuè Carducci 32 - 20123 Milan
Email: contact@themetagate.it
DPO: dpo@themetagate.it

Metagate reserves the right to update this Privacy Policy, committing to promptly inform users through direct communication or notice on the platform.