stampista.com
Log in Sign up

Privacy Policy

Last updated: 9 July 2026

1. Who we are (data controller)

The data controller for stampista.com is:

NameFabio Ferrari, individual entrepreneur ("ditta individuale")
Tax codeFRRFBA96R18B774C
Place / date of birthCariati (CS), Italy, 18 October 1996
Trading asstampista.com
Contactcontact@stampista.com

Given the size and nature of this business, a Data Protection Officer has not been appointed: the contact above reaches the controller directly for any privacy question or request.

2. Scope of this policy

This policy explains what personal data stampista.com collects from Designers and Makers, why, how it's used and shared, how long it's kept, and what rights you have over it. It should be read together with our Cookie Policy and the Partnership Agreement, which governs how a Maker may use a Designer's uploaded 3D model files.

3. Data we collect

3.1 Mandatory for every account

Regardless of role, we require: your email address and a password (stored as a one-way bcrypt hash, we never see or store your actual password), your display name, your acceptance of these Terms, and (for Makers) your country of location, number of printers, at least one printer type and one material you work with, your shipping coverage, your lead time, and a PayPal contact so you can be paid. Designers must confirm they own or are licensed to distribute the files they upload, and also provide a PayPal contact so a Maker has somewhere to send a refund if one is agreed. We also automatically log the IP address behind your registration and logins, used only for the security/fraud-prevention purpose described in Section 5.

3.2 Mandatory for Makers based in the EU: DAC7 tax/identity data

Under EU Council Directive 2021/514 ("DAC7"), stampista.com is legally required, as a digital platform operator, to collect identity and tax information from Makers established in the EU and, above certain thresholds, report their sales activity annually to the tax authority of the relevant Member State. This is a legal obligation on us, not an optional feature: Makers who declare an EU country must provide, depending on whether they operate as an individual or a company:

If you operate as an individualIf you operate as a company
First and last nameLegal denomination (company name)
Residential addressRegistered office address
Country and date of birthTax Identification Number (TIN) and its issuing country
Tax code (Italian codice fiscale, or a foreign equivalent)VAT number
In both cases: entity type (individual/company)

These fields are never requested from Makers outside the EU, or used for any purpose beyond DAC7 compliance, the automated consistency checks described in Section 5, and (where a partnership is active) display to that specific partnered Designer (Section 6).

3.3 Optional, at your discretion

Everything else is entirely optional and left to you to fill in or skip: profile photo, bio, phone number, portfolio/social links (website, Instagram, X, Reddit, Cults3D, Thangs3D). Designers may optionally fill in the same identity/tax-shaped fields listed in Section 3.2 (tax code, VAT number, legal name, birth details) purely to earn the platform's "verified" badge: this is never mandatory for a Designer, since DAC7 only applies to Makers. Project content you choose to publish (titles, descriptions, 3D model files, photos), messages you send through the built-in chat, and reviews you write are also data you control and provide voluntarily.

4. Automated consistency checks

For EU-declared Makers (mandatory) and Designers who opted in (optional), we run automated checks that compare your declared country against signals like your registration IP, your phone number's dialing code, and your PayPal contact's domain, and validate your tax code's checksum or your VAT number against the EU VIES registry. These checks never block registration or a profile save: a mismatch only raises a private warning banner visible solely to you on your own profile, prompting you to double check the field, and (once resolved) contributes to a "verified" green badge shown to other users. Other users never see the raw comparison data behind that badge, only whether you're verified. Every check is logged (query and result) for our own compliance record-keeping.

5. Why we process your data (legal basis)

  • Performance of a contract (GDPR Art. 6(1)(b)): operating your account, matchmaking, messaging, and tracking orders between Designers and Makers.
  • Legal obligation (Art. 6(1)(c)): collecting and, where thresholds are met, reporting Maker tax/identity data under DAC7.
  • Legitimate interest (Art. 6(1)(f)): the automated consistency checks and IP/login logging described above, which exist to prevent fraud and misrepresentation on the platform; and displaying your public profile/project listings to other users, which is the whole point of a matchmaking platform.
  • Consent (Art. 6(1)(a)): any optional field you choose to fill in (Section 3.3), and the non-essential cookie preference described in our Cookie Policy.

6. Who we share your data with

Your partnered counterpart. Once a partnership between a Designer and a Maker is active, each side can see the other's contact email, phone (if provided), and PayPal details, plus (for a Maker, or a Designer who filled them in) the tax/identity fields from Section 3.2/3.3 (entity type, tax code, VAT number, legal name/address, etc.). This is shown only for the duration of an active partnership, never to the general public, and never to a user you have no partnership with.

External services, for specific automated checks only. To run the checks in Section 4, we make server-to-server calls (your browser never contacts these directly) to the EU VIES VAT registry (sends only a VAT number and country) and an IP-geolocation lookup provider, ip-api.com (sends only an IP address). These providers only receive the single value needed for that check and operate under their own privacy policies; some may process data outside the EU.

Hosting. The platform is hosted on IONOS infrastructure. We do not sell your data, use it for advertising, or share it with data brokers.

7. Data retention

We keep your account data for as long as your account is active. If you delete a role or your entire account, we anonymize the live profile immediately (name, contact details, and optional fields are cleared) rather than deleting the row outright, so past orders and reviews involving you keep displaying correctly to the other party. For Makers (and any Designer who filled in the optional tax fields), the identity/tax snapshot described in Section 3.2 is separately archived at that point and retained for as long as necessary to comply with our DAC7 reporting obligation and the applicable tax record-keeping rules; this archive is access-restricted to the controller and used only for that purpose. Verification logs and login-country records (Section 4) are kept only for as long as reasonably necessary for the fraud-prevention purpose they serve.

8. Security, and what's encrypted

The platform is served over HTTPS, and passwords are never stored in plain text: only a one-way bcrypt hash. In line with GDPR Article 32's "appropriate security measures" requirement, we additionally encrypt at rest (AES-256-GCM, with the encryption key held separately from the database) the highest-sensitivity identity and tax fields: tax code, VAT number, TIN, legal denomination, residential/registered office address, date of birth, and PayPal account holder name, for both active profiles and the DAC7 archive described in Section 7. Other account fields (name, email, phone, bio, project content) are protected by access controls and transport encryption rather than field-level encryption, since they carry materially lower risk if a database were ever compromised.

9. Your uploaded 3D model files

Designers upload 3D model files (e.g. STL) entirely voluntarily, to be produced by a Maker. These files are not published or made downloadable to the general public: the full model file is only ever made available to a Maker you've formed an active partnership with, and even then, strictly under the terms of the Partnership Agreement: the Maker may use it only to fulfill orders you've confirmed, may not redistribute it, and must stop using and permanently delete it once the partnership ends. See that document for the full terms.

10. Your rights

Under the GDPR, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request erasure ("right to be forgotten", noting that, for Makers, DAC7-relevant tax records may need to be retained per Section 7 even after an erasure request, to the extent the law requires); request restriction of processing; receive a copy of your data in a portable format; object to processing based on our legitimate interest; and withdraw consent at any time for anything based on consent, without affecting processing already carried out. To exercise any of these, contact us at contact@stampista.com. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali: www.garanteprivacy.it), or with the supervisory authority of your own EU country of residence.

11. Cookies

See our Cookie Policy for the full detail on the cookies we use.

12. Children

stampista.com is intended for users who are legally able to enter into binding contracts, and is not directed at children. We do not knowingly collect data from minors.

13. Changes to this policy

We may update this Privacy Policy from time to time. We'll post the revised version here with a new "Last updated" date; material changes will be flagged prominently on the platform.

14. Contact

For any privacy-related question or request, contact Fabio Ferrari at contact@stampista.com.

Please confirm

stampista.com
Privacy Policy Terms of Service Cookie Policy
© 2026 stampista.com

We use a strictly-necessary cookie to keep you logged in, no advertising or analytics cookies. See our Cookie Policy for details, and let us know your preference below.