ITEN
← juvant.io

Privacy Notice

juvant.io · Last updated: 27 May 2026 · Version 0.3.1

Notice provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) to users who visit the juvant.io website and its subdomain vant.juvant.io.

Note.This notice concerns exclusively the browsing of the institutional juvant.io website and of the vant.juvant.io subdomain shell (the static pages that host the AI assistant interface). The processing of data provided through interactions with the AI assistant “Vant” itself is governed by a separate privacy notice and consent form, presented to the user before the service is started.

1. Data controller

Juvant Srls, in the person of its legal representative Antonio Gatti.

  • Registered office: Via Albert Bruce Sabin 2, 72100 Brindisi (BR), Italy
  • VAT number / Tax code / Companies Register: IT02807050741
  • REA: BR-260986
  • PEC: juvant@pec.it
  • Legal representative: Antonio Gatti

Controller contact: antonio@juvant.io
Data subject rights requests: privacy@juvant.io

2. Data Protection Officer (DPO)

Juvant Srls has not appointed a Data Protection Officer because the mandatory conditions set out in Article 37 GDPR do not apply: it does not carry out, as its core activity, processing operations that require regular and systematic monitoring of data subjects on a large scale, nor does it process on a large scale special categories of data under Article 9 or data relating to criminal convictions and offences under Article 10 GDPR.

3. Data processed during browsing

During the mere visit to the juvant.io website or to its subdomain vant.juvant.io, the following data are collected in server logs, solely for security and technical diagnostics purposes:

  • visitor's IP address;
  • timestamp of the request;
  • browser user-agent;
  • URL of the requested resource and HTTP response code.

This website does not use cookies. No cookies of any kind — technical, analytical, profiling, third-party, or marketing — are stored on the user's device by juvant.io or vant.juvant.io. The website performs no behavioural tracking and generates no user profiles. For the operation of the AI assistant interface, a session identifier is generated and exchanged within the request and response of each interaction (transmitted in the request body and in a response header, and held only in the volatile memory of the browser tab). It is not written to any persistent storage on the user's device, is not a cookie, and is discarded when the tab is closed.

As an exception to the above, the AI assistant interface stores a single item in the browser's local storage (localStorage): the user's consent preference. When the user accepts the consent form before starting the assistant, the literal string 'accepted' is saved under the key vant_consent_v1, for the sole purpose of not re-showing the consent form on subsequent visits made from the same browser. This entry contains no personal data, no session identifier, and no tracking or profiling data: it contains only the string 'accepted'. It is not a cookie but a standard interface persistence mechanism for managing consent. Unlike the session identifier, this entry persists across sessions of the same browser until the user manually clears the browser's local storage. If the user dismisses the form without accepting, no information is stored.

4. Purposes and legal basis

Log data are processed for the purpose of ensuring the security of the website, preventing automated abuse and diagnosing technical malfunctions.

Legal basis: legitimate interest of the controller (Article 6(1)(f) GDPR) in the protection of the IT infrastructure and the continuity of the service.

5. Retention period

Server logs are retained only for as long as is necessary for the security, abuse-prevention and technical-diagnostics purposes for which they are collected, after which they are deleted or irreversibly anonymised, unless further retention is required in the event of confirmed security incidents or legal obligations.

6. Data recipients

Log data are processed exclusively by authorised personnel of Juvant Srls and by the hosting provider (Microsoft Azure), acting as data processor pursuant to Article 28 GDPR. The data are not disseminated nor communicated to any other parties.

7. Transfers outside the EU

The hosting infrastructure is located within the European Union. Any transfers to third countries take place solely within the framework of the adequacy mechanisms provided for in Chapter V of the GDPR (Standard Contractual Clauses of the European Commission).

8. Rights of the data subject

The data subject may at any time exercise the rights provided for in Articles 15-22 GDPR:

  • access to their own data (Article 15);
  • rectification (Article 16);
  • erasure (Article 17);
  • restriction of processing (Article 18);
  • data portability (Article 20);
  • objection to processing (Article 21).

Requests must be sent to privacy@juvant.io and will receive a reply within 30 days.

9. Complaint to the supervisory authority

If the data subject considers that the processing of their data is carried out in breach of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority — Garante per la protezione dei dati personali (www.garanteprivacy.it), without prejudice to any other administrative or judicial remedy.

10. Changes to this notice

This notice may be updated. The version in force is always the one published on juvant.io, showing the date of last update.

juvant.io

© 2026 Juvant Srls