Privacy Policy
Last updated: April 2025
This policy describes how Locarisk (operated by Locarisk s.r.l., VAT IT11004371214) collects, uses, and protects personal data when you use our platform.
Cookies and preferences
Locarisk uses a single first-party cookie named locale to store your language preference (English or Italian). This cookie contains no personal data, is not used for tracking or advertising, and expires after one year. No analytics, advertising, or third-party tracking cookies are used.
Account and session data
When you sign in, Locarisk stores a secure session token in an HttpOnly cookie. We also store your email address and organisation membership in our database. Authentication is managed by better-auth and uses one-time codes sent to your email — no passwords are stored.
Uploaded documents
Applicants may upload PDF documents (payslips, contracts, bank statements, identity documents) as part of their questionnaire. Files are stored on the server and are associated with the specific case file. They are accessible only to the agency that created the case and are never shared with third parties.
Billing data
Agency billing is handled by Stripe. When your organisation sets up billing, a Stripe customer record is created. Locarisk stores only your Stripe customer ID — no card numbers or bank details are held on our servers. Stripe's own Privacy Policy governs how payment data is handled.
Your rights
Under applicable data protection law (GDPR), you have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us at privacy@locarisk.com. We will respond within 30 days.
Data retention
Session data is deleted when you sign out or the session expires. Case files and applicant questionnaire data are retained for as long as the associated agency account is active. On account closure, all personal data is deleted within 90 days.
Contact
Data controller: Locarisk s.r.l., VAT IT11004371214. Privacy enquiries: privacy@locarisk.com.