Privacy Policy

Last updated: 7 June 2026

This Privacy Policy explains how PayrollPedagogue ("we", "us", "our"), a product of GreenTrack.ai, processes your personal data when you visit our website or use our online course platform. We act as the data controller for the data described below within the meaning of the EU General Data Protection Regulation (GDPR).

1. Who we are

PayrollPedagogue is operated by Paolo Dazio, Via IV Novembre 5/7, 22045 Lambrugo (CO), Italy — VAT/Tax ID 04225480138. For any privacy-related questions or to exercise your rights, contact us at paolo.dazio@gmail.com.

2. Data we collect

Account data

  • Email address (required to sign in)
  • Password (stored hashed; we never see your plaintext password)
  • Authentication metadata: sign-in timestamps, IP address, device/browser

Learning data

  • Lesson completion records (which lessons you finished and when)
  • Quiz attempts, answers and scores

Payment data

Payments and subscription billing are processed by our online reseller Paddle.com Market Ltd ("Paddle"), which acts as the Merchant of Record for all orders. Paddle is the seller-of-record on your statement and handles checkout, invoicing, tax collection, refunds and chargebacks. For these purposes Paddle receives, as an independent data controller, your name, email address, billing address, country, IP address and payment-method metadata. We receive from Paddle only the minimum information needed to provision your subscription (subscription status, customer ID, last 4 digits of card, billing country). Your full card details are never seen or stored by us. Paddle's privacy notice is available at paddle.com/legal/privacy.

Technical data

  • Essential cookies / local storage (your sign-in session)
  • Server logs (IP address, request URL, status code) kept for security and debugging

3. Why we use your data & legal basis

  • Provide the service — Art. 6(1)(b) GDPR (contract): account creation, lesson delivery, progress tracking.
  • Security & fraud prevention — Art. 6(1)(f) GDPR (legitimate interest).
  • Legal obligations — Art. 6(1)(c) GDPR: invoicing, tax records.
  • Optional marketing emails — only with your explicit consent, which you can withdraw at any time.

4. How long we keep it

  • Account & learning data: while your account is active, plus up to 24 months of inactivity, then deleted.
  • Invoices and tax records: up to 10 years where required by applicable tax law.
  • Server logs: up to 30 days.

5. Who we share it with (processors)

We share personal data with the following recipients, each bound by a Data Processing Agreement or acting under its own controller responsibilities:

  • Lovable Cloud / Supabase — hosting and database (EU region where available), acting as our processor.
  • Paddle.com Market Ltd — our online reseller and Merchant of Record. Paddle receives your name, email, billing address, country, IP address and payment-method details to process the sale, manage your subscription, handle taxes and invoicing, and process refunds and chargebacks. Paddle acts as an independent data controller for these purposes. See Paddle's privacy notice at paddle.com/legal/privacy.

7. Your rights

Under the GDPR you have the right to:

  • Access — request a copy of your data (Art. 15). Use "Export my data" on your dashboard.
  • Rectification — correct inaccurate data (Art. 16).
  • Erasure — delete your account and associated data (Art. 17). Use "Delete my account" on your dashboard.
  • Restriction of processing (Art. 18).
  • Portability — receive your data in a machine-readable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

8. Security

We use TLS encryption in transit, encrypted database storage at rest, row-level security on all user tables (so you can only access your own records), and least-privilege service credentials. In the event of a personal-data breach we will notify the competent supervisory authority within 72 hours where required (Art. 33).

9. Children

PayrollPedagogue is a professional training service intended for adults working in SAP consulting. It is not directed to children under 16, and we do not knowingly collect personal data from them.

10. Changes

We may update this policy. We will update the "Last updated" date above and, for material changes, notify you by email or via the dashboard.