Privacy Policy
Last updated: 5 July 2026
This notice is provided under Article 13 of Regulation (EU) 2016/679 (the “GDPR”) to anyone who visits the reactivenet.ai website, uses the app.reactivenet.ai application, or the relay.reactivenet.ai synchronisation service (together, “Reactive”).
1. Guiding principle: your data stays on your device
Section titled “1. Guiding principle: your data stays on your device”Reactive is built on a privacy-by-design principle. The apps you build with
Reactive run entirely in your browser: the content you enter (list items,
form values, calculations) is saved in your device’s local storage
(localStorage) and is never transmitted to any server. There is no
account: we do not collect a name, email or credentials to let you use the app.
As a result, for the vast majority of Reactive’s use the Controller processes no personal data, because your data never leaves your device. The processing described below concerns only technical and statistical aspects of the website, and the optional synchronisation feature.
2. Data Controller
Section titled “2. Data Controller”The Data Controller is Cosimo Luigi Manes (a natural person), author and operator of the Reactive project.
- Contact for exercising your rights and any privacy matter: privacy@reactivenet.ai
No Data Protection Officer (DPO) has been appointed, as this is not required given the nature and scope of the processing.
3. What we process, and when
Section titled “3. What we process, and when”a) Presentation website (reactivenet.ai)
Section titled “a) Presentation website (reactivenet.ai)”The showcase website and documentation use Pirsch Analytics, a cookieless, privacy-friendly statistics tool. Pirsch sets no cookies, does not track users across sites, and does not store IP addresses in the clear or other personal identifiers: it produces only aggregate, anonymous statistics (page views, referrers, device type). Data is processed on infrastructure located in the European Union (Germany).
Like any web service, the server hosting the site also records technical logs (IP address, date/time, requested resource, user-agent) for the time strictly necessary to ensure security and diagnostics.
b) Application (app.reactivenet.ai)
Section titled “b) Application (app.reactivenet.ai)”- Data you enter: stays in your browser’s local storage. It never passes through, nor is stored on, our servers. You can delete it at any time by clearing the site’s data in your browser.
- No account: we collect no registration data.
- AI assistant (optional): if you use it, it runs a language model locally on your device via Ollama. Your conversations and your document are never sent to any cloud service or to us.
- Third-party CDN resources: for some advanced features (KaTeX maths, in-browser Python via Pyodide, UI components) the app downloads libraries from public CDNs (jsDelivr, unpkg). In doing so, your browser reveals your IP address to those providers, as with any web resource. After the first load these resources are stored in the local cache (PWA) and are no longer re-downloaded.
c) Multi-user synchronisation (optional feature)
Section titled “c) Multi-user synchronisation (optional feature)”Synchronisation is off by default. It is enabled only if a document’s author
explicitly turns it on (by generating a sync key). When active, our relay
(relay.reactivenet.ai) connects the devices that share the same document.
The relay is blind by design:
- Content is end-to-end encrypted on your device (AES-GCM) before being transmitted: the relay, and therefore the Controller, cannot read it.
- The relay knows only: opaque channel identifiers (hashes that reveal neither the document nor the participants), the encrypted blobs, connection timestamps, and the connections’ IP addresses.
- There are no accounts: your username and colour (if set) travel only inside the encrypted messages, invisible to the relay.
d) Sharing an app via link
Section titled “d) Sharing an app via link”The “Share app” feature encodes the entire document inside the link itself (in the URL fragment). The document does not pass through our servers. You are responsible for the content you choose to share, and with whom.
4. Purposes, legal bases and retention
Section titled “4. Purposes, legal bases and retention”| Processing | Purpose | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Pirsch statistics (cookieless) | Measure site usage in aggregate, anonymous form | Legitimate interest (f) in improving the service | Aggregate/anonymous data; no identifiable personal data |
| Server technical logs | Security, abuse prevention, diagnostics | Legitimate interest (f) | Time strictly necessary (typically a few days/weeks) |
| Third-party CDN resources | Deliver technical app features | Legitimate interest (f) in technical delivery | Not retained by us |
| Sync relay (if active) | Deliver encrypted messages between your devices | Legitimate interest (f) in providing the requested feature | Channel logs deleted in full after 30 days of channel inactivity |
We carry out no profiling and no automated decision-making producing legal effects on you.
5. Recipients of the data
Section titled “5. Recipients of the data”Your data is not sold or shared with third parties for marketing purposes. It may be processed only by the technical providers necessary to run the service, acting as processors or independent controllers:
- Pirsch Analytics (cookieless statistics, EU infrastructure);
- the hosting provider that hosts the site, app and relay;
- the public CDNs (jsDelivr, unpkg) from which the app downloads technical libraries.
6. Transfers outside the EU
Section titled “6. Transfers outside the EU”The site and statistics are hosted in the European Union. The public CDNs (jsDelivr, unpkg) operate through global distribution networks: loading a technical library may involve contact with servers located outside the EU. Where that happens, the transfer relies on the safeguards under Articles 44 ff. of the GDPR (e.g. standard contractual clauses) and concerns only technical connection data (IP address), not the content you create.
7. Your rights
Section titled “7. Your rights”As a data subject you may exercise at any time the rights under Articles 15-22 of the GDPR:
- access to the data concerning you;
- rectification of inaccurate data;
- erasure (“right to be forgotten”);
- restriction of processing;
- data portability;
- objection to processing based on legitimate interest.
Remember that you directly control the data entered in the app: you can delete it yourself by clearing the site’s data in your browser, without contacting us.
To exercise your rights, write to privacy@reactivenet.ai. We will respond without undue delay and in any case within one month.
8. Complaint to a supervisory authority
Section titled “8. Complaint to a supervisory authority”If you believe the processing of your data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority. In Italy this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).
9. Changes to this notice
Section titled “9. Changes to this notice”We may update this notice to reflect changes to the service or the law. The current version is always published on this page, with the last-updated date shown at the top.