Privacy Policy
Last updated:
Data Controller: Inframorph Inc., a company operating under applicable data protection laws including the EU General Data Protection Regulation (GDPR).
This policy explains what personal data we collect, our legal basis for processing, how we use it, your rights, and how to contact us.
1. Information We Collect
- Account information such as name, email, and organization details.
- Authentication and security data, including logs and device information.
- Billing information handled securely via our payment provider.
- Product analytics to improve the Services.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract Performance: Account management, service delivery, billing
- Legitimate Interest: Security monitoring, fraud prevention, service improvement
- Consent: Marketing communications, non-essential cookies
- Legal Obligation: Tax records, legal compliance, data breach notifications
3. How We Use Information
- To provide and maintain the Services (Contract Performance)
- To process subscriptions and payments (Contract Performance)
- To enhance security, prevent abuse, and debug issues (Legitimate Interest)
- To communicate important updates about your account (Contract Performance)
- To send marketing communications (Consent - you can opt out)
4. Sharing and Third Parties
We do not sell your personal information. We may share data with:
- Service Providers: Hosting (AWS/Azure), email delivery, payment processing (Paddle)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In case of merger, acquisition, or asset sale
All third parties are bound by data processing agreements ensuring GDPR compliance.
5. Data Retention
We retain personal data for specific periods:
- Account Data: Until account deletion + 30 days for recovery
- Billing Records: 7 years for tax compliance
- Security Logs: 12 months for fraud prevention
- Marketing Data: Until consent withdrawal + 3 months
When retention periods expire, data is securely deleted or anonymized.
5. Security
We use industry-standard security measures, including encryption in transit, access controls, and regular audits. No method is 100% secure, and we encourage enabling multi-factor authentication.
6. International Transfers
Your data may be processed in jurisdictions different from your own. We implement safeguards for cross-border transfers where required.
7. Your Rights Under GDPR
If you are in the EU/EEA, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: For consent-based processing
How to Exercise Rights: Email [email protected] or use your account settings. We respond within 30 days.
Complaints: You can lodge a complaint with your local data protection authority.
8. Cookies
We use cookies and similar technologies for essential functionality and analytics. You can adjust cookie settings in your browser.
9. Children
Our Services are not directed to children under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy. Changes will be posted on this page with an updated date.
11. Data Breach Notification
In case of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours where required by law.
12. Contact Information
Data Protection Contact: [email protected]
General Support: [email protected]
Company Address: [Your registered business address for GDPR compliance]
EU Representative: If you are based outside the EU but process EU data, list your EU representative here.