Privacy Policy
This Privacy Policy explains what information we collect, why we collect it, and the controls you have over your data.
1. Information we collect
We collect the categories of personal data below, the sources we rely on, and the lawful bases under the GDPR when they apply.
2. How we use information
- Provide and personalise the Idforia experience.
- Protect community safety, detect fraud, and enforce our policies.
- Improve and research product performance and features.
- Communicate with you about updates, support, and marketing (with your consent).
- Comply with legal obligations and respond to lawful requests.
3. When we share information
- Service providers: We partner with trusted vendors for hosting, analytics, customer support, payments, and security.
- Legal requests: We share data when required by law or to protect the rights, property, or safety of Idforia or others.
- Business transfers: If we undergo a merger, acquisition, or asset sale, information may be transferred subject to this Policy.
- With your consent: We share information outside of these circumstances only when you direct us to do so.
4. International data transfers
Idforia may process information in countries other than where you reside. We rely on approved legal mechanisms, such as Standard Contractual Clauses, to protect personal data transferred from the European Economic Area or the United Kingdom.
5. Data retention
We keep information only as long as necessary to provide Idforia, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer required, we delete or anonymise it. Typical retention periods are:
- Account data: Stored for the life of the account and deleted within 30 days of confirmed deletion, except minimal logs retained for fraud prevention and legal obligations.
- Content and activity: Available while your account is active; backups and audit records are cycled within 90 days.
- Usage and device data: Security logs retained up to 12 months; aggregated analytics retained in non-identifiable form.
- Payment data: Transaction records kept for at least 7 years to meet tax, accounting, and anti-fraud obligations.
- Support communications: Retained up to 24 months for follow-up and quality assurance unless removal is required sooner.
- Cookie identifiers: See the Cookie Policy for cookie-specific lifespans and preference storage.
6. Your choices and rights
GDPR rights
- Access and rectification of your personal data through account settings or by contacting privacy@idforia.com.
- Erasure of your data ("right to be forgotten") and deletion of your account, subject to legal obligations.
- Restriction or objection to processing based on legitimate interests or direct marketing.
- Data portability by requesting a copy of your data in a machine-readable format.
- Withdraw consent at any time for processing based on consent, including analytics/advertising cookies.
- Lodge a complaint with your local data protection authority if you are unsatisfied with our response.
CCPA/CPRA rights
- Right to know what personal information we collect, use, disclose, and share.
- Right to delete personal information, subject to exceptions (for example, security, compliance, or transaction completion).
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising.
- Right to limit the use and disclosure of sensitive personal information, where applicable.
- Right to non-discrimination for exercising these rights.
Submit requests or questions by emailing privacy@idforia.com or through account settings where available. We may verify your identity before completing requests and will respond within the timelines required by law.
7. Cookies and tracking
We use cookies, local storage, and similar technologies for authentication, analytics, and personalisation. On your first visit, we present a cookie banner where you can: (1) accept all cookies, (2) reject non-essential cookies, or (3) manage granular preferences for analytics and advertising. We only set analytics/advertising cookies after you provide consent where required.
Your selections are stored in a first-party preference cookie (or local storage) for up to 12 months so we can honor them on future visits. You can reopen controls via the "Cookie Preferences" link in the site footer or in account settings to withdraw consent or change choices at any time. See our Cookie Policy for full details.
8. Security
We implement administrative, technical, and physical safeguards to protect your information. These include encryption, access controls, regular security reviews, and incident response procedures. No online service can guarantee absolute security, but we take reasonable steps to protect your data.
9. Children's privacy
Idforia is not directed to children under 13. If we learn that we have collected personal information from a child under the applicable minimum age without parental consent, we will delete the information. Parents or guardians can contact safety@idforia.com to request removal.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material updates will be communicated through the product or email. Continued use of Idforia after the changes take effect means you accept the revised Policy.
11. Contact us
If you have questions or concerns about this Policy or our practices, email privacy@idforia.com or write to Idforia, Attn: Privacy Office.