Privacy Policy

Last updated: June 2026

1. Who we are

Gregor ("we", "us", "our") is an advanced biotechnology intelligence newsletter published at gregor.bio.

For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:

Dario Pirola

Email: gregor@gregor.bio

2. Data we collect

We collect only the data necessary to deliver the newsletter service.

Newsletter subscribers

When you subscribe via gregor.bio/subscribe, we collect:

  • First name (required)
  • Last name (optional)
  • Email address (required)
  • Delivery frequency preference (Weekly / Biweekly / Monthly)
  • Consent timestamp — the date and time you confirmed your subscription via the double opt-in email

Portal users

If you create an account to access the subscriber portal, we collect the email address and display name provided by your Google or Facebook login. We do not store your password — authentication is handled by Firebase Auth (Google).

Newsletter delivery statistics

After each newsletter send, we store aggregate delivery data in our database: recipient count, send timestamp, and a campaign reference ID. No email addresses or personal identifiers are stored in this record.

3. Why we process your data and our legal basis

Purpose | Legal basis (GDPR Art. 6)
Sending you the Gregor newsletter | Consent — Art. 6(1)(a)
Sending a double opt-in confirmation email to verify your address | Consent — Art. 6(1)(a)
Authenticating portal users | Contract performance — Art. 6(1)(b)
Aggregate delivery statistics (no PII) | Legitimate interest — Art. 6(1)(f)

You may withdraw your consent at any time by unsubscribing (see section 6). Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

4. Who we share your data with

We do not sell your personal data. We share it only with the service providers below, each acting as a data processor under a contractual agreement with us.

Brevo (Sendinblue SAS)

Brevo is our email delivery provider. Your email address, name, frequency preference, and consent record are stored in Brevo. Brevo is headquartered in France and processes data in the EU under GDPR. A Data Processing Agreement (DPA) is in place via Brevo's Terms of Service.

Brevo Privacy Policy →

Google (Firebase / Google Cloud)

We use Firebase Auth (Google) to manage portal user authentication and Google Cloud Firestore to store newsletter delivery statistics. Google acts as a data processor under Google's Data Processing Amendment.

Google Privacy Policy →

All processors are either based in the EU or participate in a recognised adequacy mechanism. No data is transferred to third countries without appropriate safeguards.

5. How long we keep your data

  • Subscriber data in Brevo — retained until you unsubscribe or request erasure. After unsubscription, Brevo keeps your email on a suppression list to prevent accidental re-addition; you may request removal from the suppression list by contacting us.
  • Portal account data in Firebase Auth — retained until you delete your account or request erasure.
  • Delivery statistics in Firestore — retained indefinitely as they contain no personal data.

6. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure — ask us to delete your personal data ("right to be forgotten").
  • Right to restriction of processing — ask us to restrict how we use your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest.
  • Right to withdraw consent — unsubscribe at any time by clicking the unsubscribe link in any newsletter email, or by using the subscriber portal.

To exercise any right other than unsubscription, contact us at gregor@gregor.bio. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in Italy: Garante per la protezione dei dati personali).

7. Cookies and tracking

The Gregor website uses only functional cookies required to operate the authentication session (Firebase Auth). We do not use advertising or tracking cookies.

Newsletter emails sent via Brevo may include a tracking pixel that records whether the email was opened, and link-click tracking. Brevo uses this data to generate aggregate delivery statistics. If you prefer not to be tracked, you can disable image loading in your email client.

8. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify active subscribers by email.

9. Contact

For any questions about this policy or how we handle your data, contact us at: gregor@gregor.bio