LessType

Privacy Policy

Notice on processing of personal data

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR) and applicable Italian law.

Last updated: May 22, 2026
Version: 1.0

Contents

  1. Data Controller
  2. Data collected
  3. Purposes and legal bases
  4. Retention periods
  5. Recipients and processors
  6. Non-EU transfers
  7. Data subject rights
  8. Security measures
  9. Cookies and similar technologies
  10. Changes to this notice

1. Data Controller

The Data Controller is:

Lipschitz & Daniele S.n.c.
Registered office: Milan, Italy
VAT: [to be added]
Email: info@lesstype.ai
Certified email (PEC): [to be added]

No Data Protection Officer (DPO) has been appointed, as the conditions set out in Article 37 GDPR for mandatory designation do not apply. For any data protection enquiry, you can contact the Controller using the details above.

2. Data collected

2.1 Data you provide

When you sign up for LessType, subscribe to a plan, contact support or use the website contact form, we may process:

  • Identification and contact data: first name, last name, email, optional phone number
  • Professional data: company name, VAT / tax code, business role
  • Billing data: registered office address, Italian SDI recipient code, certified email (PEC)
  • Access credentials (passwords stored only as cryptographic hashes)
  • Content of your communications with our support team

2.2 Documents uploaded for processing

The service allows you to upload PDF documents in order to extract structured data using artificial intelligence. Such documents may contain personal data of third parties (e.g. your customers, policyholders).

Uploaded PDF files are deleted from our servers immediately after processing and data extraction. We retain only the extracted structured data, according to the periods defined in §4.

Users uploading documents containing personal data of third parties act as autonomous Data Controllers vis-à-vis those individuals, and are responsible for the lawfulness of the processing and for fulfilling information obligations towards data subjects. LessType acts as Data Processor (Art. 28 GDPR) limited to the technical processing of the document.

2.3 Data collected automatically

While you browse the website and use the application we collect:

  • IP address, browser and device type, operating system
  • Pages visited, access times, session duration
  • Application logs necessary for security and operation of the service

3. Purposes and legal bases

Purpose Legal basis
Provision of the LessType service (registration, authentication, document processing) Performance of contract (Art. 6.1.b GDPR)
Invoicing, accounting and tax obligations (including Italian SDI e-invoicing) Legal obligation (Art. 6.1.c GDPR)
Response to contact and support requests Pre-contractual measures / legitimate interest (Art. 6.1.b/f GDPR)
IT security, fraud prevention and infrastructure protection Legitimate interest (Art. 6.1.f GDPR)
Service communications (technical notices, contractual changes) Performance of contract (Art. 6.1.b GDPR)
Marketing communications Consent (Art. 6.1.a GDPR), withdrawable at any time

4. Retention periods

  • Account data: for the duration of the contractual relationship, and for 24 months thereafter, unless longer retention is required by law.
  • Billing and tax data: 10 years, pursuant to Italian Civil Code Art. 2220 and applicable tax law.
  • Uploaded PDF files: deleted immediately after processing (typically within minutes).
  • Extracted document data: retained in the user account until manual deletion or termination of the relationship.
  • Technical and security logs: up to 12 months.
  • Support communications: 24 months.

5. Recipients and processors

Data may be shared with the following parties, appointed where applicable as Data Processors under Art. 28 GDPR:

Entity Processing Location
OVHcloud (OVH GmbH / OVH SAS) Web and database hosting Germany / France (EU)
Anthropic, PBC AI processing of document content United States
Stripe Payments Europe Ltd Payment processing Ireland (EU), with possible support from Stripe Inc. (US)
Aruba S.p.A. SMTP, PEC, domain registration, DNS Italy (EU)
TeamSystem S.p.A. (FattureInCloud) E-invoicing management Italy (EU)
Consultants, accountants, lawyers Accounting, tax and legal compliance Italy (EU)
Public authorities Upon lawful request under applicable law Italy / EU

Data is not disclosed publicly nor sold to third parties for commercial purposes.

6. Non-EU transfers

Some services essential to LessType's operation involve processing data in countries outside the European Economic Area. In particular:

  • Anthropic, PBC (United States): the content of uploaded documents is transmitted to Anthropic's API, which operates on US infrastructure for AI processing. PDF files are not retained by either LessType or Anthropic after processing, under applicable Anthropic commercial terms.
  • Stripe Inc. (United States): some payment operations may involve a transfer of data to Stripe Inc., the parent company of Stripe Payments Europe Ltd.

These transfers are governed by the Standard Contractual Clauses adopted by the European Commission via Implementing Decision (EU) 2021/914, in compliance with Art. 46 GDPR. For transfers to the United States, the EU-US Data Privacy Framework (Adequacy Decision 2023/1795) also applies, where available.

A copy of the safeguards adopted can be requested at info@lesstype.ai.

7. Data subject rights

As a data subject you have the right, under Articles 15-22 GDPR, to:

  • Access your personal data and obtain a copy
  • Request rectification of inaccurate or incomplete data
  • Request erasure (right to be forgotten), within the limits set by law
  • Request restriction of processing
  • Receive your data in a structured, readable format (portability)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time, without affecting the lawfulness of consent-based processing prior to withdrawal
  • Lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority in your country

To exercise your rights, write to info@lesstype.ai. We will respond within 30 days, extendable by a further 60 days in particularly complex cases (Art. 12.3 GDPR).

8. Security measures

We adopt appropriate technical and organisational measures to protect personal data from unauthorised access, loss or disclosure. In particular:

  • TLS (HTTPS) encryption of all data in transit
  • Encryption of data at rest in the database
  • Password hashing with secure algorithms
  • Audit logs of access and relevant operations
  • Role-Based Access Control (RBAC)
  • Regular backups and disaster recovery procedures
  • Timely security updates on systems

9. Cookies and similar technologies

The website lesstype.ai does not use profiling, marketing or third-party cookies. We only use strictly necessary technical cookies, for which no consent is required under the Italian Data Protection Authority's guidelines of 10 June 2021.

The application app.lesstype.ai uses technical session cookies necessary for authentication and the proper functioning of the service.

Any future traffic analysis tools will be introduced by amending this notice and, where required, collecting consent through a dedicated banner.

10. Changes to this notice

This notice may be updated to reflect regulatory, organisational or technical changes. The current version is always published on this page with the date of last update. In case of material changes, registered users will also be notified by email.

For any question regarding this notice or the processing of your data, contact us at info@lesstype.ai.