Privacy Policy and GDPR
Dernière mise à jour: 7/14/2026
The purpose of this Privacy Policy is to inform you about how IDIPP collects, uses, stores, and protects your personal data when you use our website at www.idipp.com (the "Portal") in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and ensuring transparency about our data processing activities.
IDIPP continuously invests in technology and innovative products to provide better services to our users. We implement the highest level of security measures to ensure lawful collection, storage, and sharing of personal data while protecting your privacy.
IDIPP may update and modify this Privacy Policy at any time by publishing changes on the Portal. We encourage you to review this policy periodically.
a) Data Controller
In accordance with the GDPR, your personal data will be collected and processed by IDIPP as the data controller within the scope explained below. As the data controller, we determine the purposes and means of processing your personal data.
b) Personal Data We Collect
IDIPP collects various types of personal data from users through the methods specified below. The data we collect depends on the services and features you use.
Name and Contact Information: Name, surname, phone numbers, address, email address, and billing information.
Authentication Information: Membership information, passwords used for authentication and account access, usernames, and contact details.
Demographic Data: Date of birth, age, gender, occupation, interests, and preferred language.
Usage Data: Products viewed on the Portal, search terms, pages visited, visit duration, and user interactions with our services.
Location Data: Data about your precise or approximate location, collected only with your consent when using location-based features.
Payment Data: Invoice and payment information processed securely through our payment service providers.
c) Purposes of Data Processing
We process your personal data for the following purposes:
- Providing and improving our services
- Managing user accounts
- Providing customer support
- Security and fraud prevention
- Complying with legal obligations
- Marketing and communications (with your consent)
- Analytics and service improvement
d) Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary for the performance of our contract with you.
- Legal Obligation: Processing necessary to comply with our legal obligations.
- Legitimate Interest: Processing necessary for our legitimate interests, such as improving services and preventing fraud.
- Consent: Processing based on your explicit consent, which you can withdraw at any time.
e) Data Sharing and Transfers
We may share your personal data with third parties only when necessary to provide our services, comply with legal obligations, or with your consent. These third parties include:
- Service providers and business partners
- Payment processors
- Analytics and marketing partners
- Legal authorities (when required by law)
When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data.
f) Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymized.
g) Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.
h) Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: Request access to your personal data and obtain a copy.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data under certain circumstances ("right to be forgotten").
- Right to Restriction: Request restriction of processing in certain situations.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw your consent at any time for consent-based processing.
i) Cookies
We use cookies and similar technologies on our website to enhance your experience, analyze usage, and provide personalized content. You can manage your cookie preferences through your browser settings or our cookie consent tool.
j) Policy Changes
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by posting a notice on our website or by sending you a direct notification.
k) International Data Transfers and Third-Party Sub-Processors
Under GDPR Art. 44-49 (and KVKK Art. 9 for Turkish data subjects), your personal data is processed by the following international sub-processors required to deliver our service. All listed sub-processors are GDPR-compliant with Standard Contractual Clauses (SCC) providing adequate safeguards.
| Service | Provider / Location | Data Processed | Purpose |
|---|---|---|---|
| MongoDB Atlas | MongoDB Inc. (US) / EU (Frankfurt) | Full database (users, passports, subscriptions) | Cloud-hosted database |
| Fly.io | Fly.io Inc. (US) / EU (Frankfurt) | Backend logs, request payload | Backend hosting |
| Vercel | Vercel Inc. (US) / EU Edge | IP address, page views | Frontend (dashboard + landing) hosting |
| Cloudflare R2 | Cloudflare Inc. (US) / EU | Uploaded files (product images, receipts) | Object storage |
| Cloudflare CDN | Cloudflare Inc. (US) / Global Edge | IP address, request logs | Performance + security (DDoS protection) |
| Brevo (Sendinblue) | Sendinblue SAS (FR) / EU | Email, name, contract PDF attachment | Transactional email delivery |
| Upstash Redis | Upstash Inc. (US) / EU | Session cache, rate-limit counters | Serverless cache |
| OpenAI API | OpenAI Inc. (US) | User query text (when AI features are used) | AI-assisted content generation |
Your rights under GDPR Art. 15-22: You have the right to access, rectify, erase, restrict processing, and object to international transfers of your personal data. To exercise these rights, please contact us using the details below.
l) Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:
IDIPP
Email: info@idipp.com
You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.