Privacy
Policy

Last updated: 2026-02-22

Clear data use. Controlled tracking. Respect for user choices. This page explains how personal data may be processed when users visit the Site, place orders, request support, or interact with analytics and advertising tools.

The Site may use Google Analytics 4, Meta Pixel, and Meta Conversions API (CAPI). In the EU/EEA and where required by law, non-essential tracking technologies are activated only after consent.

You can manage your consent through the cookie banner or through the "Cookie Preferences" link (if available) in the footer.

1) Data Controller and Contact Details

Data Controller: Strike Protocol
Privacy contact: support@strikeprotocol.shop
Customer support: support@strikeprotocol.shop

2) Scope (Site vs App)

This Privacy Policy applies to processing carried out through the Site. Any mobile application connected to the product is designed to operate without collection of personal data by the Controller, with data stored locally on the user's device only.

The Controller does not receive personal data from the App, except where the user voluntarily sends communications such as support emails. Any processing carried out by app stores or operating systems (such as Apple or Google) remains subject to their own privacy notices as independent controllers.

3) Categories of Personal Data Processed

Depending on how the Site is used, different categories of personal data may be processed.

Category Description
Browsing and technical data IP address, cookie IDs, browser/device identifiers, device information, browser information, security logs, usage events, visited pages, referrer, access date and time.
Order and contract data Name, surname, shipping and billing address, email address, phone number, order details, return/refund information, warranty-related information, and operational communications.
Support and communication data Data contained in emails or support requests, including message content, attachments, and related metadata.
Analytics and marketing data Interaction and conversion data such as page views, add-to-cart events, purchases, campaign attribution data, and similar events, where applicable and where consent is required.

4) Purposes of Processing and Legal Bases

Personal data are processed for specific purposes and on the basis of the legal grounds applicable to each context.

Purpose Legal basis
Order handling, payment, shipping, returns, refunds, warranty, operational communications Performance of a contract.
Tax, accounting, compliance, authority requests Compliance with legal obligations.
Site security, fraud prevention, abuse prevention, chargeback/dispute handling, legal defense, technical continuity Legitimate interests.
Analytics cookies, marketing cookies, behavioral advertising, campaign measurement and optimization Consent, where required by applicable law.
Consent may be withdrawn at any time through the cookie preference center. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

5) Google Analytics 4 (GA4)

We use Google Analytics 4 to measure and analyze, in aggregated form, the use of the Site, including visited pages, events, and performance trends. Depending on applicable law and consent configuration, GA4 may be activated only after acceptance of analytics cookies. Google may also process data as an independent controller under its own terms and notices.

6) Meta Pixel and Meta Conversions API (CAPI)

We use Meta Pixel to measure advertising performance on Facebook and Instagram, optimize campaigns, and attribute conversions. Tracked events may include page views, add-to-cart actions, checkout initiation, and purchases. Activation of the Pixel is subject to marketing consent where required.

We may also use Meta Conversions API through server-side or Shopify integrations in order to transmit conversion data from the server side. Depending on configuration, transmitted data may include:

  • event data such as event type, timestamp, value, currency, page, product, or order ID;
  • matching identifiers such as email address and/or phone number, transmitted in hashed form where applicable;
  • technical parameters such as IP address, user agent, and similar attribution data, according to consent settings.
Important: hashing is a form of pseudonymization, not anonymization. The processing remains subject to applicable privacy law. Meta may process certain data as an independent controller and/or under the contractual framework applicable between the parties.

The use of Pixel/CAPI may involve profiling and targeted advertising, where permitted by law and based on the user's expressed preferences.

7) Cookies, Tracking, and Preference Management

Strictly necessary cookies are required for the operation of the Site. Analytics and marketing cookies, and equivalent technologies, are managed through a banner and/or preference center and, where required, are not activated without consent. Preferences can be modified at any time. For more details: /pages/cookie-policy.

8) Data Recipients and Roles

To the extent necessary for the stated purposes, personal data may be disclosed to:

  • e-commerce and hosting providers, including Shopify and related services;
  • payment providers for transaction handling;
  • couriers and logistics providers for shipping, delivery, and tracking;
  • support and communication providers for assistance requests;
  • analytics and marketing providers such as Google and Meta, depending on consent and configuration;
  • professional advisors and public authorities, where required.
Depending on the service, these parties may act as processors on behalf of the Controller or as independent controllers. In particular, providers such as Google and Meta may process data as independent controllers under their own terms and notices.

9) International Transfers (Outside the EU)

Because we operate and sell internationally, personal data may be processed and/or transferred to countries other than the user's country, including countries outside the European Union. For data subjects protected by the GDPR, such transfers take place in compliance with applicable law, including through Standard Contractual Clauses (SCCs) and/or other legally recognized transfer mechanisms.

10) Data Retention

Retention periods may vary depending on the category of data and the relevant legal or operational need.

Data type Retention period
Order / invoicing data fino a 10 anni (obblighi civilistici/fiscali, ove applicabile)
Support data For as long as necessary to manage the request and, where needed, to protect or enforce legal rights.
Analytics data (GA4) fino a 14 mesi (configurabile in GA4)
Marketing / attribution data (Pixel/CAPI) fino a revoca del consenso o secondo limiti di legge

11) Automated Decisions and Profiling

We may use marketing and measurement tools that involve profiling and/or segmentation for advertising purposes, where permitted and based on consent or preference settings. As a general rule, we do not carry out solely automated decisions producing legal or similarly significant effects on the user, except where allowed or required under applicable law.

12) User Rights (GDPR)

To the extent provided by applicable law, users may exercise rights of access, rectification, erasure, restriction, portability, and objection, and may also withdraw consent where consent is the legal basis. Requests may be sent to: support@strikeprotocol.shop.

13) US Privacy Notice (Opt-Out Rights and Requests)

If you reside in certain US states, additional rights may apply depending on local law.

Right Description
Right to know / access You may request information about the categories of personal data collected, sources, purposes, and disclosures.
Right to deletion You may request deletion of personal data, subject to legal exceptions.
Right to correction You may request correction of inaccurate personal data, where applicable.
Right to opt out of targeted advertising / sale / sharing Where applicable by law, you may opt out of targeted advertising and/or the sale or sharing of personal information.
Right to non-discrimination You have the right not to receive discriminatory treatment for exercising privacy rights.

Where available, you may exercise opt-out rights through the "Do Not Sell or Share My Personal Information" link: #. If you have a DSAR page or form, it may be available here: #. Alternatively, you may contact us by email at: support@strikeprotocol.shop.

Under some legal interpretations, the use of Pixel/CAPI for behavioral advertising may fall within "sharing" and/or "targeted advertising". Preferences can be managed through consent tools and cookie settings.

14) Minors

The Site is not intended for minors. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data, please contact us to request deletion: support@strikeprotocol.shop.

15) Security

We adopt reasonable technical and organizational measures to protect personal data. No system can guarantee absolute security. Users are responsible for using protected devices and for keeping any credentials secure.

16) Updates to this Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version is published on this page together with the latest update date.

17) References

Cookie Policy: /pages/cookie-policy
Terms & Conditions: /pages/terms
Privacy contact: support@strikeprotocol.shop