Skip to content
Miraat·dweb developer journey, reflected
IT EN FR عربي

LEGAL

Privacy Policy

Last updated: 2026-05-04

This policy explains how personal data of visitors to miraatdweb.com (the Site) is processed. It is drafted under EU Regulation 2016/679 (GDPR) and applies to all users worldwide.

1. Data controller

The data controller is the operator of the Site, reachable at legal@miraatdweb.com. To exercise the rights listed under §8, please write to that address.

2. Personal data processed

  • Account data (if you sign up): email address, display name, password (stored bcrypt-hashed — not readable by the controller), preferred language.
  • Progress data (when authenticated): skill completion status, personal notes, active roadmap.
  • Technical data: IP address, user-agent, access timestamp, web server logs. Kept for 90 days for security purposes.
  • Technical cookies: ci_session (session duration, ~2h, required for authentication), miraat_lang (language preference, 1 year), CSRF token (anti-forgery). No profiling or marketing cookies are used.
  • Contact form messages: name, email, message. Sent via email to the controller; not stored in any database.

3. Purposes and legal bases

  • Providing the learning service (account, progress, content) — basis: performance of a contract (art. 6.1.b GDPR).
  • Site security and abuse prevention — basis: legitimate interest (art. 6.1.f GDPR).
  • Responding to contact requests — basis: pre-contractual measures / consent (art. 6.1.a/b GDPR).
  • Compliance with legal obligations — basis: legal obligation (art. 6.1.c GDPR).

4. Retention period

  • Account: until deletion requested by the user, or after 24 months of inactivity.
  • Technical logs: 90 days.
  • Contact messages: only as long as needed to handle the request, then deleted from the inbox.

5. Sharing

Data is never sold or rented. It is shared only with the technical providers required to operate the service:

  • Namecheap Inc. (USA) — shared hosting provider.
  • Anthropic PBC (USA) — generation of the "skill of the day". No personal user data is sent: the prompt only contains the topic slug and a list of recently generated topics.
  • Google LLC — delivery of web fonts (Inter, Reem Kufi, Tajawal, JetBrains Mono) requested by the user's browser.

6. Transfers outside the EU

The Site's servers (Namecheap) and the providers above are based in the United States. Transfers rely on appropriate safeguards (European Commission Standard Contractual Clauses and/or participation in the EU-U.S. Data Privacy Framework).

7. AI-generated content

The "skill of the day" section is automatically generated by Anthropic's Claude model. Texts may contain inaccuracies and do not replace professional advice. No personal user data is used for generation.

8. Your rights

Under articles 15–22 GDPR you have the right to:

  • access your personal data and obtain a copy;
  • rectify inaccurate data or complete it;
  • request erasure (right to be forgotten);
  • restrict processing;
  • object to processing based on legitimate interest;
  • receive your data in a structured format (portability);
  • withdraw consent at any time, where applicable.

To exercise these rights, write to legal@miraatdweb.com. We respond within 30 days.

9. Right to lodge a complaint

You have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it) or with the supervisory authority of the EU Member State where you reside.

10. Changes

Any changes to this policy will be published on this page with an updated date. Please review it periodically.