Data Controller
The Data Controller of the personal data collected through this website is Targa. For any request concerning personal data, you can contact us at info@usetarga.app.
Categories of data collected
We collect the following categories of personal data: (a) account data provided directly by the user during registration via our identity provider Clerk — first name, last name, email address; (b) usage data — models added to watchlist, pages viewed, session data; (c) technical data — IP address, browser type, operating system, collected for the functioning and security of the Platform.
Purpose and legal basis
Your personal data is processed for the following purposes: (a) account creation and management — legal basis: performance of a contract (art. 6(1)(b) GDPR); (b) provision of the Targa service including appreciation scores, buying guides and watchlist functionality — legal basis: performance of a contract; (c) communications related to the service — legal basis: legitimate interest (art. 6(1)(f) GDPR); (d) compliance with legal obligations — legal basis: art. 6(1)(c) GDPR. We do not process data for marketing purposes without prior explicit consent.
Data recipients and subprocessors
Your personal data is shared with the following trusted service providers acting as data processors on our behalf: (a) Clerk Inc. (authentication and user management) — United States; (b) Supabase Inc. (database hosting) — European Union; (c) Vercel Inc. (website hosting) — global infrastructure; (d) Anthropic PBC (AI-generated content) — United States. All subprocessors have signed appropriate data processing agreements and guarantee adequate protection measures.
International transfers
Some of our subprocessors are located outside the European Economic Area (United States). For such transfers, we rely on the Standard Contractual Clauses approved by the European Commission pursuant to art. 46 GDPR, which guarantee an adequate level of protection for your data.
Retention period
Account data is retained for as long as your account is active. Upon account deletion, data is removed from our systems within 30 days, except where retention is required by law. Anonymised aggregated data (used for generating scores and statistics) may be retained indefinitely as it no longer constitutes personal data.
Your rights
Under the GDPR, you have the right to: (a) access your personal data; (b) request rectification or erasure; (c) request restriction of processing; (d) data portability; (e) object to processing; (f) withdraw consent at any time (where processing is based on consent); (g) lodge a complaint with a supervisory authority — in Italy, Garante per la protezione dei dati personali (www.garanteprivacy.it). To exercise these rights, contact us at info@usetarga.app.
Security measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure, including: encryption in transit (HTTPS/TLS), encryption at rest, access controls, regular security audits of our subprocessors, and incident response procedures.
Changes to this Policy
We may update this Privacy Policy to reflect changes in our practices or legal obligations. Material changes will be notified via email or through the Platform. The date of the last update is shown at the top of this page.