Skip to content

Privacy Policy

Last updated: 5 July 2026

This notice is provided under Article 13 of Regulation (EU) 2016/679 (the “GDPR”) to anyone who visits the reactivenet.ai website, uses the app.reactivenet.ai application, or the relay.reactivenet.ai synchronisation service (together, “Reactive”).

1. Guiding principle: your data stays on your device

Section titled “1. Guiding principle: your data stays on your device”

Reactive is built on a privacy-by-design principle. The apps you build with Reactive run entirely in your browser: the content you enter (list items, form values, calculations) is saved in your device’s local storage (localStorage) and is never transmitted to any server. There is no account: we do not collect a name, email or credentials to let you use the app.

As a result, for the vast majority of Reactive’s use the Controller processes no personal data, because your data never leaves your device. The processing described below concerns only technical and statistical aspects of the website, and the optional synchronisation feature.

The Data Controller is Cosimo Luigi Manes (a natural person), author and operator of the Reactive project.

No Data Protection Officer (DPO) has been appointed, as this is not required given the nature and scope of the processing.

The showcase website and documentation use Pirsch Analytics, a cookieless, privacy-friendly statistics tool. Pirsch sets no cookies, does not track users across sites, and does not store IP addresses in the clear or other personal identifiers: it produces only aggregate, anonymous statistics (page views, referrers, device type). Data is processed on infrastructure located in the European Union (Germany).

Like any web service, the server hosting the site also records technical logs (IP address, date/time, requested resource, user-agent) for the time strictly necessary to ensure security and diagnostics.

  • Data you enter: stays in your browser’s local storage. It never passes through, nor is stored on, our servers. You can delete it at any time by clearing the site’s data in your browser.
  • No account: we collect no registration data.
  • AI assistant (optional): if you use it, it runs a language model locally on your device via Ollama. Your conversations and your document are never sent to any cloud service or to us.
  • Third-party CDN resources: for some advanced features (KaTeX maths, in-browser Python via Pyodide, UI components) the app downloads libraries from public CDNs (jsDelivr, unpkg). In doing so, your browser reveals your IP address to those providers, as with any web resource. After the first load these resources are stored in the local cache (PWA) and are no longer re-downloaded.

c) Multi-user synchronisation (optional feature)

Section titled “c) Multi-user synchronisation (optional feature)”

Synchronisation is off by default. It is enabled only if a document’s author explicitly turns it on (by generating a sync key). When active, our relay (relay.reactivenet.ai) connects the devices that share the same document.

The relay is blind by design:

  • Content is end-to-end encrypted on your device (AES-GCM) before being transmitted: the relay, and therefore the Controller, cannot read it.
  • The relay knows only: opaque channel identifiers (hashes that reveal neither the document nor the participants), the encrypted blobs, connection timestamps, and the connections’ IP addresses.
  • There are no accounts: your username and colour (if set) travel only inside the encrypted messages, invisible to the relay.

The “Share app” feature encodes the entire document inside the link itself (in the URL fragment). The document does not pass through our servers. You are responsible for the content you choose to share, and with whom.

Processing Purpose Legal basis (GDPR Art. 6) Retention
Pirsch statistics (cookieless) Measure site usage in aggregate, anonymous form Legitimate interest (f) in improving the service Aggregate/anonymous data; no identifiable personal data
Server technical logs Security, abuse prevention, diagnostics Legitimate interest (f) Time strictly necessary (typically a few days/weeks)
Third-party CDN resources Deliver technical app features Legitimate interest (f) in technical delivery Not retained by us
Sync relay (if active) Deliver encrypted messages between your devices Legitimate interest (f) in providing the requested feature Channel logs deleted in full after 30 days of channel inactivity

We carry out no profiling and no automated decision-making producing legal effects on you.

Your data is not sold or shared with third parties for marketing purposes. It may be processed only by the technical providers necessary to run the service, acting as processors or independent controllers:

  • Pirsch Analytics (cookieless statistics, EU infrastructure);
  • the hosting provider that hosts the site, app and relay;
  • the public CDNs (jsDelivr, unpkg) from which the app downloads technical libraries.

The site and statistics are hosted in the European Union. The public CDNs (jsDelivr, unpkg) operate through global distribution networks: loading a technical library may involve contact with servers located outside the EU. Where that happens, the transfer relies on the safeguards under Articles 44 ff. of the GDPR (e.g. standard contractual clauses) and concerns only technical connection data (IP address), not the content you create.

As a data subject you may exercise at any time the rights under Articles 15-22 of the GDPR:

  • access to the data concerning you;
  • rectification of inaccurate data;
  • erasure (“right to be forgotten”);
  • restriction of processing;
  • data portability;
  • objection to processing based on legitimate interest.

Remember that you directly control the data entered in the app: you can delete it yourself by clearing the site’s data in your browser, without contacting us.

To exercise your rights, write to privacy@reactivenet.ai. We will respond without undue delay and in any case within one month.

If you believe the processing of your data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority. In Italy this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

We may update this notice to reflect changes to the service or the law. The current version is always published on this page, with the last-updated date shown at the top.