Legal
Privacy Policy
Last updated: 10 July 2026
This Privacy Policy explains how Shazark S.r.l. ("tapphost", "we", "us") collects, uses and protects your personal data when you visit tapphost.com or use our hosting, AI automation and marketing services, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Italian law.
1. Data Controller
Shazark S.r.l. — VAT/P.IVA IT12620720966 — REA 2673165
Registered office: Corso Buenos Aires 77, 20124 Milano (MI), Italy
Website: tapphost.com · Email: [email protected] · PEC: [email protected]
2. What data we collect
- Account & contact data — name, email, phone, company, billing address, VAT number / Codice Fiscale, and (for Italian VAT-registered businesses) SDI code or PEC used for electronic invoicing.
- Service data — the websites, domains, files, databases and configurations you host with us.
- Payment data — processed by our payment providers (e.g. Stripe, PayPal); we store only tokens/references, never full card numbers.
- AI & automation data — content and messages processed by AI agents and automations you enable, used to deliver those features.
- Usage & technical data — IP address, browser/device, pages viewed, logs, needed for security and to operate the service.
- Cookies & similar technologies — see our Cookie Policy.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide hosting, AI and marketing services; manage account and billing | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud prevention, service improvement, aggregate statistics | Legitimate interest (Art. 6(1)(f)) |
| Statistics & marketing cookies, promotional emails | Consent (Art. 6(1)(a)) |
| Accounting, tax and legal obligations (incl. e-invoicing) | Legal obligation (Art. 6(1)(c)) |
4. AI-powered features
When you enable AI agents or automations, relevant content may be processed by AI/LLM providers acting as our processors to generate responses and perform actions. We do not use your customers' conversation data to train third-party foundation models without a legal basis, and we contractually bind providers to appropriate safeguards.
5. Recipients and processors
We share data only with providers who process it on our behalf under a data-processing agreement, including our infrastructure/hosting provider, payment processors, email/SMTP providers, analytics providers (with consent), and AI/LLM providers for the features you activate. We never sell your personal data.
6. International transfers
Where a provider processes data outside the EU/EEA, we rely on adequacy decisions or Standard Contractual Clauses and additional safeguards as required by the GDPR.
7. Data retention
We keep personal data only as long as necessary for the purposes above: for the duration of your contract and, thereafter, for the periods required by accounting and tax law (generally 10 years for invoicing data) or to defend legal claims. Service and log data are retained for shorter, security-appropriate periods.
8. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict and port your data, to object to processing, and to withdraw consent at any time. To exercise your rights, contact [email protected]. You may also lodge a complaint with the Italian Data Protection Authority (Garante, garanteprivacy.it).
9. Security
We apply appropriate technical and organisational measures — encryption in transit (HTTPS/SSL), access controls, backups and monitoring — to protect personal data against unauthorised access, loss or alteration.
10. Cookies
We use cookies as described in our Cookie Policy. You can manage your choices anytime via the "Cookie preferences" link in the site footer.
11. Changes
We may update this Policy; the "Last updated" date reflects the latest version. Material changes will be communicated through the site.