LEADIVO

Policy Brief

Data Stewardship Protocol

At Leadivo, we operate within the constraints of player privacy and app market integrity. This document outlines our operational stance on data handling—technical specifics, not vague promises. We view user data as a liability to be minimized, not an asset to be hoarded.

Our privacy architecture is built for the Italian gaming app landscape, where GDPR compliance is a baseline requirement, not a feature. Every data point we process is scoped to a specific, documented business function, with automated retention schedules that trigger permanent deletion.

Executive Summary

0%

Third-party data sales or sharing for advertising purposes. Client data remains siloed.

30 Days

Default retention period for operational logs. Extended only via contractual agreement.

Role-Based

Access controls enforce the principle of least privilege. No universal 'admin' keys.

Data Processing & Collection

What we see, why we need it, and how long we keep it.

Legal Basis

Contractual Necessity

Art. 6(1)(b) GDPR

Data Type: Client-provided project files (app store assets, creative briefs, technical specifications).
Use Case: To execute the service agreement—app store optimization (ASO) campaigns, ad creative production.
Retention: For the duration of the client contract + 30 days for audit and final reporting. All source files deleted upon project completion unless archival is explicitly requested.

Note from our legal desk: We do not request or store user authentication credentials for client platforms.

Legal Basis

Legitimate Interest

Art. 6(1)(f) GDPR

Data Type: Aggregated, anonymized analytics from your gaming app (e.g., cohort retention rates, feature engagement).
Use Case: To provide our service—the Leadivo diagnostic and optimization recommendations. This data is strictly non-personal (no device IDs, no user emails).
Retention: Anonymized datasets are retained indefinitely for trend analysis. Clients can request deletion of specific project datasets at any time.

No PII Aggregated Metrics No Re-identification
Legal Basis

Explicit Consent

Art. 6(1)(a) GDPR

Data Type: Contact form submissions (name, email, project details).
Use Case: Initial client consultation and proposal development. We do not add these contacts to marketing newsletters without separate, explicit consent.
Retention: 24 months from last contact, after which data is deleted. We maintain a "Do Not Contact" flag based on explicit opt-out requests.

You may withdraw consent at any time by emailing info@leadivo.pro.

Third-Party Processors

We do not share data for marketing or profiling. Our ecosystem is a tightly controlled stack of essential service providers, each bound by a Data Processing Agreement (DPA).

Cloud Infrastructure

EU-based servers only. Server access logs are automatically rotated every 7 days.

Analytics & Reporting

Client-side tools (e.g., Apple App Analytics, Google Play Console) provide the raw data. We only store processed, anonymized reports.

Communication

Encrypted email for client correspondence. Shared project boards (e.g., Notion, Asana) are configured with restricted access.

Field Note: The Italian Clause

Under Italian *Codice della privacy* and GDPR, data subjects have the right to know, correct, and delete their data. For our clients (app developers), this translates to a strict protocol: any player data we access through their stack is covered by their privacy policy, not ours. We are processors, not controllers, for user data.

Scenario: An indie developer in Rome requests a deletion of all project assets. We trigger a 30-day countdown. On day 31, all source files, reports, and cloud instances are permanently erased from our systems. No backups for deleted data.

Your Rights & How to Exercise Them

R1

Access & Portability

Request a copy of all personal data we hold about you. For client data, this includes project reports and correspondence.

R2

Rectification

Correct any inaccurate data (e.g., updated contact info for project billing). We verify updates via the original contact channel.

R3

Erasure

Request deletion of your data. Note: This may terminate ongoing service contracts if essential data is removed.

R4

Objection & Restriction

Object to processing based on legitimate interest. We will evaluate the request against operational needs.

Data Controller Contact

For all data protection inquiries, submit a formal request to our Data Protection Officer. We aim to respond within 30 days of receipt.

Leadivo s.r.l.
Via Roma 123, 00100 Roma, Italy

Email: dpo@leadivo.pro

Phone: +39 06 12345678 (Mon-Fri, 9:00-18:00 CET)

Last Updated: 2026-01-15
Next Review: Q2 2026 (or upon major platform updates)
Abstract data privacy visual
Encrypted Channel