Refinea S.r.l. ("Refinea", "we", "our", or "us"), VAT number 06241080875, operates the website refinea.io and the Refinea platform (app.refinea.io). This Privacy Policy explains how we collect, use, store, and share your personal data when you use our services.
1. Data Controller
The data controller is Refinea S.r.l., with registered office in Italy. For any privacy-related inquiries, contact us at privacy@refinea.io.
2. Data We Collect
When you use Refinea, we may collect the following categories of data:
2.1 Account Data
- Name and email address (provided during signup or via Google Sign-In)
- Profile picture (if you sign in with Google)
- Company name and website (provided during onboarding)
- Billing information (processed by Stripe — we do not store credit card numbers)
2.2 Usage Data
- Pages visited, features used, and actions taken within the platform
- Device type, browser, operating system, and IP address
- Analytics data collected via PostHog (see Section 6)
2.3 Third-Party Connected Data
- Google Search Console data (search queries, impressions, clicks, pages) — connected by you during onboarding
- Google Analytics 4 data (traffic, user behavior) — connected by you during onboarding
We only access this data after you explicitly grant permission via OAuth. We do not access any Google data without your consent.
3. How We Use Your Data
We use your data for the following purposes:
- To provide and operate the Refinea platform (buyer persona generation, AI visibility monitoring, content creation, audits)
- To authenticate your identity and manage your account
- To process payments (via Stripe)
- To analyze platform usage and improve our services (via PostHog)
- To send you service-related communications (account updates, billing, security alerts)
- To provide customer support
We do not use your data for advertising. We do not sell your data to third parties. We do not use your Google user data for purposes unrelated to the Refinea platform.
4. Google User Data — Specific Disclosure
When you sign in with Google, we request access to the following scopes:
- openid — to verify your identity
- email — to identify your account
- profile — to display your name and profile picture
We use this data solely to create and manage your Refinea account. We do not share, transfer, or use your Google user data for any purpose other than providing and improving the Refinea platform.
When you connect Google Search Console or Google Analytics, we request access to read your search and analytics data. This data is used exclusively within the Refinea platform to generate buyer personas, monitor AI visibility, and provide actionable insights. We do not share this data with third parties.
Your Google user data is stored securely using Firebase Authentication and is protected by industry-standard security measures. You can revoke Refinea's access to your Google data at any time through your Google Account settings.
Refinea's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
- Contract performance (Art. 6(1)(b) GDPR): to provide you with the services you signed up for
- Legitimate interest (Art. 6(1)(f) GDPR): to improve our platform and prevent fraud
- Consent (Art. 6(1)(a) GDPR): for optional analytics and when you connect third-party accounts
6. Analytics and Cookies
We use PostHog for product analytics on our website and platform. On our marketing website (refinea.io), PostHog operates in cookieless mode: no cookies are set, no data is stored in your browser, and no personally identifiable information is collected from anonymous visitors. We have disabled IP address capture for all anonymous visitors. PostHog measures aggregate usage patterns using a privacy-preserving hash that cannot be used to identify individual users. On our platform (app.refinea.io), where you are authenticated, PostHog collects usage data associated with your account to help us improve the product, as described in Section 3 of this policy. PostHog data is hosted in the EU (Frankfurt, Germany) and does not leave the European Economic Area.
We use Stripe for payment processing. Stripe may set cookies necessary for payment functionality.
We use Google Analytics 4 (provider: Google Ireland Limited and Google LLC) on the marketing website to understand how visitors use Refinea so we can improve the product. Google Analytics is loaded with Google Consent Mode v2 in default denied state: until you explicitly consent through our cookie banner, only anonymous, aggregated cookieless pings are sent — no cookies are stored on your device and no identifier is created. If you consent, GA4 stores the cookies _ga and _ga_0ZHBMD6QJY for up to 2 years to distinguish unique visitors. IP addresses are anonymized at collection, and behavioral data is retained for 14 months. Legal basis: consent (Art. 6(1)(a) GDPR). Data may be transferred to the United States under the EU–US Data Privacy Framework and Standard Contractual Clauses with Google.
We do not use advertising cookies. We display a cookie consent banner on first visit allowing you to accept, reject, or customize which categories of cookies to enable. Your choice is stored in a first-party cookie (cc_cookie, 6 months) and can be changed at any time via the “Cookie preferences” link in the Footer. Full details are in our Cookie Policy.
7. Data Storage and Transfers
Your account data is stored using Firebase (Google Cloud Platform). Firebase Authentication data is processed in the United States. Google provides Standard Contractual Clauses (SCCs) and adheres to the EU-US Data Privacy Framework to ensure adequate protection of personal data transferred outside the EEA.
Your connected Google Search Console and Google Analytics data is processed within the Refinea platform infrastructure.
Payment data is processed by Stripe, Inc. Stripe is certified under the EU-US Data Privacy Framework.
8. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., billing records for tax purposes — retained for up to 10 years as required by Italian law).
9. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access: request a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to restrict processing: limit how we use your data
- Right to data portability: receive your data in a structured format
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: withdraw consent at any time for consent-based processing
To exercise any of these rights, contact us at privacy@refinea.io.
You also have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la protezione dei dati personali.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS)
- Firebase Authentication with secure token management
- Access controls limiting data access to authorized personnel
- Regular security reviews
11. Children
Refinea is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us at privacy@refinea.io and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.
13. Contact
Refinea S.r.l.
Email: privacy@refinea.io
Website: https://refinea.io