Updated: 2026-05-15

Privacy policy

My name is Livia Santacroce. I read what AI answers say about Rome's small operators, and I work alone — licensed guides, B&Bs, family trattorias, artisan-food shops. The page stays short because the practice is: one form, one inbox, one purpose. Here, plainly, is what that form sends me, what I do with it, and what you can ask me about your own data.

Who handles your data

The data this page is about belongs with me. It is I, Livia Santacroce, who runs geo-rome.com as an independent editor: no team, no department, one person who opens the messages. Under the General Data Protection Regulation (GDPR) I am the data controller. For any question, or to exercise a right, write to hello@geo-rome.com.

What is collected

Only one path reaches me: the form. It asks for three things, and nothing beyond them —

  • A name, so my reply addresses you correctly.
  • An email address, so the reply has somewhere to land.
  • A free-text message, where you describe the case — the AI answer that worries you, the query that produced it, the business or listing involved, the bilingual page whose Italian and English versions don't line up.

That's all. No account, no login, no payment data entered here, no profile built in the background. The message arrives in an inbox and stays a message. Against automated submissions, the timestamp is kept with a salted SHA-256 fingerprint of the sending IP address; the IP in clear text, browser fingerprints, and device characteristics are never stored.

What is not collected

It is worth naming what this site deliberately refuses:

  • No tracking cookies, in any form. Visits are counted with self-hosted, cookieless, privacy-respecting analytics, served through a first-party proxy on this domain; nothing is shared between sites and no visitor is singled out.
  • No advertising pixels, no remarketing tags, no marketing-automation trackers.
  • No automated profiling, no automated decision producing a legal effect on you.
  • No selling, renting, or sharing of personal data: there is no commercial machine here to feed.

Why the law allows it

When you send the form, processing your name, email, and message rests on Article 6(1)(b) GDPR — steps taken at your request before any agreement. The IP fingerprint that protects the form from abuse rests instead on legitimate interest under Article 6(1)(f). If payment-status data ever appeared for a paid project, the contractual basis would cover it.

How long it is kept

  • Form messages and the email exchange that follows: kept for the duration of the project, then 24 months to preserve the record of the exchange, and erased afterwards. A message that leads to no project is kept 12 months and then deleted.
  • IP fingerprints: kept 90 days, enough to recognise patterns of abuse, then erased.
  • Any payment records: if a paid project produces them, they are kept only for as long as tax and accounting rules require, then deleted.

Your rights

Over the data you send me, the GDPR grants you the right of access, rectification, erasure, portability, restriction, and objection. An email to hello@geo-rome.com is enough to start any of them, and you will get a reply within a month. If you believe your data has been mishandled, you may also raise it with the data-protection supervisory authority of the country where you live.

Where the data is hosted

The servers behind geo-rome.com are located in European Union (Germany). In the rare case where an additional processor (email provider) operated outside the European Union, the transfer relies on standard contractual clauses and on the additional safeguards that party publishes.

Changes to this policy

If the way data is handled changes in a way that matters, this page is revised to say so, and the "Updated" date at the top moves accordingly. A change of real consequence stays flagged on the home page for 30 days, so any returning visitor notices it.