GDPR Compliant

Privacy Policy

Last updated: April 2026 · EU Regulation 2016/679 (GDPR)

1. Data Controller

The data controller is Francesco Saverio Canepa, operating the MST Platform for private quantitative research purposes. Contact: francescosaverio.canepa@gmail.com

2. Data Collected

The Platform collects the absolute minimum of personal data necessary for operation:

  • Authentication credentials: Username and password provided by the controller for authorized access. Stored as environment variables on the server, not in a database.
  • Session cookie: A single httpOnly session cookie (mst_session) is set upon login. It contains only the string "authenticated" — no personal data, no tracking identifiers.

3. Data NOT Collected

  • No analytics or tracking scripts (no Google Analytics, no Mixpanel, no Hotjar)
  • No IP address logging
  • No third-party advertising or marketing cookies
  • No social media trackers
  • No fingerprinting or device identification
  • No personal data stored in any database

4. Legal Basis for Processing

Under GDPR Article 6(1)(f), the processing of the session cookie is based on the legitimate interest of the controller to secure access to the Platform. No consent mechanism is required for strictly necessary technical cookies (ePrivacy Directive, Article 5(3)).

5. Data Retention

The session cookie expires after 7 days or when the user logs out. No persistent data is retained about user sessions or behavior.

6. Data Sharing

No personal data is shared with any third party. The Platform does not use any third-party services that process personal data. Server hosting (Cloudzy VPS, NYC) processes only trading data, not user personal data.

7. Your Rights (GDPR Articles 15-22)

As a data subject under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure / right to be forgotten (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)

To exercise any of these rights, contact: francescosaverio.canepa@gmail.com

8. Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.