Privacy Policy
Last updated: December 15, 2025
1. Introduction
Ferracuti Creative Media ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website nickferracuti.com and use our services.
By using our website and services, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our services.
2. Information We Collect
2.1 Personal Information
When you sign in with Google OAuth, we collect the following information from your Google account:
- Email address
- Name
- Profile picture
- OAuth tokens (access tokens, refresh tokens) for authentication purposes
2.2 Contact Form Information
When you submit our contact form, we collect:
- Name
- Email address
- Message content
- Optional: Phone number, company/event name, project details
2.3 Automatically Collected Information
We automatically collect certain information when you visit our website:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on pages
- Referring website addresses
- Session data (via cookies for authentication)
3. How We Use Your Information
We use the collected information for the following purposes:
- Authentication: To authenticate and manage your user account
- Communication: To respond to your contact form submissions and inquiries
- Service Improvement: To analyze website usage and improve our services
- Analytics: To understand how visitors interact with our website (via Google Analytics)
- Security: To protect against fraud, abuse, and security threats
- Legal Compliance: To comply with applicable laws and regulations
4. How We Store Your Information
Your personal information is stored securely using the following services:
- Supabase (PostgreSQL Database): User account data, authentication information, and contact form submissions are stored in an encrypted database hosted by Supabase
- Vercel: Our website is hosted on Vercel, which may process server logs and IP addresses
- Session Cookies: Authentication session data is stored in secure, HTTP-only cookies
All data is encrypted in transit (HTTPS) and at rest. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
5. Third-Party Services
We use the following third-party services that may collect or process your information:
5.1 Google OAuth
When you sign in with Google, Google's Privacy Policy applies to the authentication process. We only receive the information you authorize Google to share with us (email, name, profile picture).
5.2 Google Analytics
We use Google Analytics to analyze website traffic and user behavior. Google Analytics uses cookies to collect information such as:
- Pages visited
- Time spent on pages
- Device and browser information
- Geographic location (general area, not precise)
You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
View Google Analytics Privacy Policy
5.3 Supabase
Our database is hosted by Supabase, which processes and stores your data in compliance with GDPR and other data protection regulations.
5.4 Resend (Email Service)
We use Resend to send emails in response to your contact form submissions. Resend processes your email address and message content to deliver emails.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Essential Cookies: Required for authentication and website functionality (e.g., session cookies for login)
- Analytics Cookies: Used to analyze website traffic and user behavior (Google Analytics) - requires your consent
You can control cookies through your browser settings. However, disabling essential cookies may affect your ability to use certain features of our website, such as signing in.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
- User Accounts: Retained while your account is active. You can request deletion at any time.
- Contact Form Submissions: Retained for up to 2 years for business record-keeping purposes.
- Analytics Data: Retained according to Google Analytics' data retention settings (typically 26 months).
8. Your Rights (GDPR & CCPA)
Depending on your location, you have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal information we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal information ("Right to be Forgotten")
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing of your personal information
- Right to Restrict Processing: Request restriction of processing in certain circumstances
- Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
To exercise these rights, please contact us at npferracuti@gmail.com. We will respond to your request within 30 days.
9. Account Deletion
You can delete your account at any time by:
- Signing in to your account and using the account deletion feature (if available)
- Contacting us at npferracuti@gmail.com to request account deletion
When you delete your account, we will delete all associated personal information, including:
- Your user account data
- OAuth account links
- Session data
Note: We may retain certain information as required by law or for legitimate business purposes (e.g., contact form submissions for record-keeping).
10. Children's Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
12. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Secure authentication mechanisms
- Regular security assessments
- Access controls and authentication
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date at the top of this page
- Sending an email notification (for significant changes)
Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Legal Basis for Processing (GDPR)
We process your personal information based on the following legal bases:
- Consent: When you sign in with Google OAuth or submit a contact form, you consent to our processing of your information
- Legitimate Interest: We have a legitimate interest in analyzing website usage to improve our services (with your consent for analytics cookies)
- Contractual Necessity: Processing is necessary to provide authentication and account management services