Privacy Policy
Last updated: 2026-05-12
This Privacy Policy explains how The Mambo Guild processes your personal data. It is provided in compliance with articles 13 and 14 of Regulation (EU) 2016/679 (the "GDPR") and with the Italian Privacy Code (D.Lgs. 196/2003 as amended).
1. Data controller
The data controller is Pavle Popovic, sole proprietor, with registered office at Via Pasquale Revoltella 92, 00152 Roma (RM), Italy, VAT IT18528951009. Contact: support@themamboguild.com. We have not appointed a Data Protection Officer because we are not required to under art. 37 GDPR.
2. What data we collect
- Account data: email address, username, password (stored as a hash), preferred language, account creation date.
- Profile and progress data: avatar, level selection, completed lessons, XP, achievements, posts in community spaces.
- Billing data: subscription plan, billing country and currency, invoice history. Card details are collected and stored directly by Stripe; we never see your full card number.
- Technical and usage data: IP address, browser type, device, pages visited, lessons started and completed, error logs.
- Marketing data (only after consent): Meta click identifiers (fbclid, _fbp, _fbc), advertising attribution events.
- Support correspondence: emails and messages you send to support, including any data you choose to include.
3. Purposes and legal bases
- Providing the Service (account, lessons, community): art. 6(1)(b) GDPR, performance of the contract.
- Billing, accounting and tax obligations: art. 6(1)(c) GDPR, legal obligation under Italian tax and accounting law.
- Security, fraud prevention, abuse monitoring: art. 6(1)(f) GDPR, our legitimate interest in keeping the Service safe.
- Service emails (verification, password reset, billing notices): art. 6(1)(b) GDPR.
- Marketing emails (product updates, new lesson announcements): art. 6(1)(a) GDPR, your consent, freely withdrawable via the unsubscribe link in every email.
- Advertising measurement and remarketing through Meta Pixel and CAPI: art. 6(1)(a) GDPR, your consent given through the cookie banner. Without consent we do not transmit these events.
4. Sub-processors
We use the following third-party processors to deliver the Service. We have signed a data processing agreement with each of them under art. 28 GDPR.
| Provider | Purpose | Location |
|---|---|---|
| Stripe Payments Europe Ltd. | Subscription billing and card processing | Ireland |
| Mux Inc. | Lesson video hosting and streaming | United States (SCC) |
| Cloudflare Inc. | Asset CDN and image / thumbnail storage (R2) | Global edge (SCC) |
| Resend Inc. | Transactional and marketing email delivery | United States (SCC) |
| Supabase Inc. | Primary application database (PostgreSQL) | EU (Frankfurt) |
| Railway Corp. | Backend application hosting | United States (SCC) |
| Vercel Inc. | Frontend hosting and edge runtime | Global edge (SCC) |
| Meta Platforms Ireland Ltd. | Advertising measurement (only with consent) | Ireland |
5. International transfers
Some of the processors above are based outside the European Economic Area, mainly in the United States. Where the recipient is not in a country covered by an EU adequacy decision, transfers happen on the basis of the European Commission's Standard Contractual Clauses (SCC), supplemented by appropriate technical and organisational measures.
6. How long we keep data
- Account data: for the duration of your account, plus up to 30 days after deletion to allow recovery.
- Billing and tax records: 10 years, as required by Italian tax law (art. 2220 Codice Civile).
- Marketing consent logs: for the duration of consent, plus 5 years to demonstrate compliance.
- Server logs: typically 30 days, longer where needed for security investigation.
- Support correspondence: up to 3 years from the last interaction.
7. Your rights
Under articles 15 to 22 GDPR you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- restrict or object to the processing;
- receive your data in a portable format;
- withdraw consent at any time, without affecting prior lawful processing.
To exercise any of these rights write to support@themamboguild.com from the email address associated with your account. We will respond within one month.
If you believe your data is being processed unlawfully you may lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma, garanteprivacy.it), or with the supervisory authority of your country of residence.
8. Cookies and similar technologies
Details on the cookies we use, including the marketing cookies that load only after you click "Accept" on the banner, are in our Cookie Policy.
9. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a minor has provided us with personal data without parental consent please contact us and we will delete it.
10. Changes to this Policy
We may update this Policy from time to time. The version published on the Site is always the version in force. Material changes will be announced by email to your account address with at least 14 days' notice.