Privacy Policy

Last updated: June 12, 2026

1. Data Controller

Uplifted Consulting ("we", "us", "our") is an AI consulting business operated by Riccardo Vandra, based in Italy. We are the data controller for the personal data described in this policy, within the meaning of the EU General Data Protection Regulation (GDPR) and the Italian Privacy Code (Legislative Decree 196/2003, as amended). Our website is upliftedconsulting.com. For any privacy-related questions or requests, contact us at hello@upliftedconsulting.com.

2. What Data We Collect

We collect the following categories of data:

  • Data you provide directly: name, email address, company name, and anything else you share when filling out a form, booking a call, subscribing to the newsletter, or contacting us.
  • Usage data: pages visited, time on page, referring URL, clicks, browser type, operating system, device type, and approximate location (country level, derived from your IP address).
  • Session recordings (only with your consent, see section 4): anonymized replays of how you navigate the site, with all typed input masked.

3. Why We Process It (Legal Bases)

Under the GDPR, every use of your data needs a legal basis. Ours are:

  • Consent (Art. 6.1.a GDPR): newsletter emails, marketing communications, analytics cookies, and session recordings. You can withdraw consent at any time.
  • Steps prior to a contract (Art. 6.1.b GDPR): responding to your inquiries, processing call bookings, and preparing proposals you request.
  • Legitimate interest (Art. 6.1.f GDPR): aggregate, cookieless website statistics to understand how the site performs, and protecting the site against spam and abuse.

4. Analytics and Session Recordings (PostHog)

We use PostHog to understand how visitors use this site. Our PostHog instance is hosted in the European Union (Frankfurt, Germany), so analytics data does not leave the EU.

  • Before you give consent (if you visit from the EU, EEA, UK, or Switzerland), PostHog runs in cookieless mode: no identifiers are stored on your device and your visit is measured only in aggregate.
  • If you accept analytics in the cookie banner, PostHog stores a cookie so we can recognize returning visits, and may record an anonymized replay of your session. Everything you type into any field is masked and never appears in recordings.
  • If you reject, the site keeps working exactly the same and PostHog stays in cookieless mode.

5. Cookies and How to Manage Them

The cookies and similar technologies this site uses:

  • cc_cookie: stores your cookie consent choice. Strictly necessary. Expires after 6 months.
  • uc-theme (local storage): remembers your light/dark theme preference. Strictly necessary.
  • ph_* (PostHog): analytics identifier, set only after you accept analytics (for EU, EEA, UK, and Swiss visitors) or automatically in regions where consent is not required. Expires after 12 months.
  • Third-party cookies: may be set by Cal.com when you use the booking calendar, by Kit (ConvertKit) when you subscribe to the newsletter, and by Cloudflare Turnstile when completing the anti-spam check on the audit page.

If you are visiting from the EU, EEA, UK, or Switzerland, you can change your choice at any time: . You can also control or delete cookies through your browser settings.

6. Third-Party Services and Data Transfers

We rely on the following processors to run the site:

  • PostHog (EU): analytics and session replay, hosted in Frankfurt, Germany.
  • Vercel: website hosting and content delivery. Vercel is a US company; transfers are covered by the EU-US Data Privacy Framework and Standard Contractual Clauses.
  • Cal.com: call scheduling. When you book a call, the name, email, and details you enter are processed by Cal.com (US), under Standard Contractual Clauses.
  • Kit (ConvertKit): newsletter delivery (US), under the EU-US Data Privacy Framework.
  • Cloudflare Turnstile: spam protection on forms.
  • YouTube (embedded content): embedded videos are subject to Google's privacy policy.

Each provider processes data on our instructions under their own data processing agreements. Where data leaves the EU, it is protected by an adequacy decision or Standard Contractual Clauses as noted above.

7. Data Retention

  • Inquiries and booking data: kept for as long as needed to handle the conversation and any resulting engagement, then deleted or archived per legal record-keeping requirements.
  • Newsletter data: kept until you unsubscribe (every email contains an unsubscribe link).
  • Analytics data and session recordings: retained in PostHog according to its standard retention, and deleted on request.

8. Your Rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Have inaccurate data corrected (Art. 16)
  • Have your data deleted (Art. 17)
  • Restrict or object to processing (Art. 18 and 21)
  • Receive your data in a portable format (Art. 20)
  • Withdraw consent at any time, without affecting processing carried out before the withdrawal (Art. 7)

To exercise any of these rights, email us at hello@upliftedconsulting.com. We respond within 30 days. If you believe your data has been handled unlawfully, you also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la Protezione dei Dati Personali (garanteprivacy.it), or with the supervisory authority of your country of residence.

9. Data Security

We take reasonable technical and organizational measures to protect your personal data from unauthorized access, alteration, or destruction, including encrypted connections (HTTPS) across the entire site and access controls on every third-party service we use. No method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this privacy policy from time to time, for example when we add or replace a service. Changes are posted on this page with an updated revision date.

11. Contact

If you have questions about this privacy policy or how we handle your data, contact us at hello@upliftedconsulting.com.