Privacy Policy

Last updated: 2 June 2026

Who we are

Really Really Me is operated by Marco Matarazzo, acting as the data controller. You can reach us at marco@esagonorosso.com for any matter related to this privacy policy or to exercise your rights.

What information we process

When you use Really Really Me, the following personal data is processed:

• The name you (or your invitees) type on the verification page — provided voluntarily, for the purpose of being shown back to the room host.
• The optional context message a host may write when creating a room — provided voluntarily, shown to the invitees.
• Two strictly-necessary cookies set in your browser — see our Cookie Notice for details.

We do not collect, store, or log: IP addresses, user-agent strings, geolocation, device identifiers, or any other identifier. We do not use analytics services, advertising networks, or third-party tracking.

Why we process this data (legal basis)

We rely on legitimate interest (Article 6(1)(f) GDPR): both the host and the invitees have a clear interest in confirming, through a separate channel, the identity of the person they are communicating with. We process the minimum personal data necessary to deliver that service, nothing more.

How long we keep data

• A verification room and all of its submissions are automatically deleted within approximately 1 hour of room creation. Specifically: a room expires 1 hour after it is created, and a background cleanup task — which runs every 5 minutes — then removes the database row on its next sweep. The worst-case lifetime of any record is therefore around 1 hour and 5 minutes.
• We keep no backups of personal data and no offline copies.

Where data is stored

All data is stored on a single server located in the European Union (Paris, France), operated by Scaleway SAS. We do not transfer personal data outside the EU/EEA.

Who can access your data

Only the host of the verification room (identified by an HttpOnly cookie in their browser) can see the verifications submitted to that room, and only for as long as the room is active. We do not share data with any third party. We do not sell, rent, or otherwise transfer personal data to anyone.

Your rights under GDPR

You have the right to:

• Access the personal data we hold about you (Article 15)
• Request rectification (Article 16) or erasure (Article 17)
• Restrict or object to processing (Articles 18 and 21)
• Lodge a complaint with your supervisory authority — in Italy, the Garante per la protezione dei dati personali

To exercise any of these rights, email marco@esagonorosso.com. We will respond within 30 days. Please be aware that, because all data is automatically deleted within 1 hour, by the time most requests are processed there is typically nothing left to access or delete.

Security

The service is served exclusively over HTTPS with a valid TLS certificate. Cookies are marked HttpOnly and SameSite=Lax; over HTTPS they are also marked Secure. The database is on the same machine as the application, not exposed to the public network.

Changes to this policy

We may update this policy as the service evolves. The "last updated" date at the top of this page reflects the most recent revision.