Skip to main content
Back to site

Privacy Policy

Last updated: May 2026

This policy is drafted in accordance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by D.Lgs. 101/2018.

1. Data Controller

The Data Controller for personal data collected through the Forfy™ application and the website www.forfyapp.com is Carrieri Solutions di Piero Carrieri, VAT No. 03474970732, registered office at Via del Canaletto 98, 74027 San Giorgio Ionico (TA), Italia, reachable at the following email address:

assistenza@forfyapp.com

No Data Protection Officer (DPO) has been appointed, as it is not currently required given the nature and scale of the processing activities. Privacy requests are handled through the contact above.

2. Data Collected

Account data: email address and, if provided, username, required for account creation and management via Firebase Authentication (Google LLC).

Financial and tax data: economic transactions, invoiced amounts, client data in invoices, inventory records and tax configurations (ATECO code, contribution rates). These data are voluntarily entered by the user.

Third-party data entered by the user: any client, supplier or counterparty data included in invoices, notes or accounting records is processed only to generate and manage the features requested by the user, who remains responsible for the lawful entry and use of such data.

Technical data: device information (model, OS version), minimized error logs via Crashlytics (Google LLC), and technical installation identifiers. The marketing website does not use analytics or pixels; any IP addresses processed by the hosting/CDN provider are limited to security, technical page delivery and infrastructure logs.

Data not collected: we do not collect geolocation, biometric, or health data, nor do we profile users for third-party advertising or commercial purposes.

3. Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR): account and fiscal data are processed to provide the application services requested by the user.

Legitimate interest (Art. 6(1)(f) GDPR): minimized technical data are processed to ensure security, stability and improvement of the application.

Legal obligation (Art. 6(1)(c) GDPR): where required by applicable Italian tax law.

4. Purpose of Processing

  • Real-time calculation of substitute tax and INPS contributions
  • Issuance and archiving of fiscal documents (PDF invoices)
  • Monitoring DAC7 thresholds on digital marketplaces
  • Management of fiscal deadline calendar
  • Weighted average cost inventory management
  • Technical assistance and resolution of reported issues
  • Service maintenance and security (technical logs)

5. Storage & Security

Data is stored via Firebase (Google LLC), configured where available on resources located in the European Union. Google applies technical and organizational security measures, including encryption in transit and at rest according to the service documentation. Internal access to data is limited to what is necessary for security, maintenance, user-requested support, legal obligations or incident handling.

6. International Data Transfers

Firebase and Crashlytics are provided by Google LLC and Google group companies. Where processing involves transfers to non-EU countries, such transfers rely on the contractual instruments and safeguards described in Firebase/Google Cloud documentation, including Standard Contractual Clauses where applicable. For more information on Google's safeguards, see:

policies.google.com/privacy

7. Retention Period

User data is retained for the duration of the contractual relationship (active account). Upon account deletion, data is deleted or made unavailable within 30 days, except where retention is required by Italian law or documented defensive needs. Residual copies in technical backups may remain for a limited period before ordinary overwrite. Minimized technical data is retained for a maximum of 12 months.

8. Data Processing

Fiscal, accounting and personal data are processed exclusively to provide the app features and user-requested support. App calculations are performed through deterministic rules based on current Italian tax law.

Forfy™ does not perform advertising profiling and does not make automated decisions producing legal effects for the user. Fiscal results shown by the app are operational estimates and support tools: the user remains responsible for verifying them with their tax advisor.

9. Minors

Forfy™ is intended exclusively for adults (at least 18 years of age). We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately at the address below for data deletion.

10. Data Subject Rights (Arts. 15–22 GDPR)

You have the right to:

  • Access (Art. 15): obtain confirmation of processing and a copy of your data
  • Rectification (Art. 16): correct inaccurate or incomplete data
  • Erasure (Art. 17): request deletion of your data ("right to be forgotten")
  • Restriction (Art. 18): limit processing in certain circumstances
  • Portability (Art. 20): receive your data in a structured, machine-readable format
  • Objection (Art. 21): object to processing based on legitimate interest
  • Withdrawal of consent: where processing is based on consent

You can exercise these rights through the app settings (Account section) or by writing to assistenza@forfyapp.com. We will respond within 30 days of receiving your request.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is the Garante per la Protezione dei Dati Personali:

www.garanteprivacy.it

12. Changes to This Policy

We reserve the right to update this policy. Material changes will be communicated via in-app notification or email. Continue to check this page for any updates. The date of the last update is indicated at the top of this page.

13. Contact

For any privacy-related requests or to exercise your rights:

assistenza@forfyapp.com
© 2026 Forfy™. All rights reserved.
Terms of ServiceCookie Policy