IdentaHub Logo
Privacy Policy

Your Privacy is Our Priority

We believe in complete transparency about how we collect, use, and protect your personal information. This policy explains our privacy practices in clear, simple terms.

Last updated: June 13, 2025Effective: June 13, 2025

Privacy at a Glance

Data Minimization

We only collect data necessary for providing our service. No excessive tracking or unnecessary data collection.

Strong Security

All data encrypted in transit and at rest. Regular security audits and automatic anonymization processes.

Your Rights

Full control over your data. Access, modify, export, or delete your information at any time.

What Information We Collect

Personal Information
Information you provide when creating your account and business cards

User Account Data (via Clerk)

  • Email address (required for authentication)
  • Full name (for account identification)
  • Profile information you choose to add

Business Card Information

  • Contact details (name, title, company, email, phone, website)
  • Social media links (LinkedIn, Twitter, Instagram, Facebook)
  • Any additional information you choose to include
Analytics Data
Information collected to help you understand how your business cards perform
  • IP addresses (automatically anonymized after 30 days)
  • Device information and user agents (anonymized after 90 days)
  • Geographic location (city/region level, not precise location)
  • Scan timestamps and view counts
  • Referrer information (how people found your card)
Usage Data
Information about how you use our platform
  • Feature usage patterns and click behavior
  • Session information and login times
  • Error logs and performance metrics
  • Support interactions and feedback

Legal Basis for Processing

Contract Performance

Processing necessary to provide our core QR business card services:

  • Creating and managing your business cards
  • Generating QR codes
  • Displaying your cards to contacts
  • Account management and authentication
Legitimate Interest

Processing for legitimate business purposes:

  • Analytics and service improvement
  • Security monitoring and fraud prevention
  • Technical support and troubleshooting
  • Performance optimization
Consent

With your explicit permission for:

  • Optional advanced analytics features
  • Marketing communications
  • Non-essential cookies
  • Optional data sharing with third parties
Legal Obligation

When required by law for:

  • Security incident logging
  • Fraud prevention and detection
  • Compliance with legal requests
  • Tax and accounting requirements

How We Protect Your Data

Automatic Data Anonymization
We automatically protect your privacy over time
30 Days
IP addresses automatically anonymized
90 Days
User agent strings anonymized
1 Year
Analytics data automatically deleted
Security Measures

Technical Security

  • Modern TLS encryption for all data in transit (TLS 1.2+ as supported by hosting provider)
  • Database encryption at rest
  • Application-level encryption for sensitive fields
  • Regular security audits and penetration testing

Access Controls

  • Role-based access permissions
  • Multi-factor authentication requirements
  • Parameterized queries preventing injection
  • Comprehensive audit logging

Your Privacy Rights

Access & Export

Request a complete copy of all data we hold about you in a standard format.

  • Account information and business cards
  • Analytics data and usage history
  • Available within 30 days
  • Downloadable JSON format
Rectification

Update or correct any inaccurate personal information at any time.

  • Edit profile information in your dashboard
  • Update business card details instantly
  • Contact support for other corrections
  • Changes reflected immediately
Erasure (Right to be Forgotten)

Request complete deletion of your account and all associated data.

  • Delete account through dashboard settings
  • All business cards become inactive
  • Analytics data immediately anonymized
  • Irreversible within 30 days
Object to Processing

Opt out of non-essential data processing and analytics collection.

  • Disable analytics collection in settings
  • Opt out of marketing communications
  • Granular privacy controls available
  • Core functionality remains available

Third-Party Services

Authentication (Clerk)
Secure user authentication and account management

Data Shared

  • Email address and name
  • Authentication tokens
  • Login activity

Protection

  • SOC 2 Type II compliant
  • GDPR compliant
  • Data processing agreement in place
Analytics (Vercel)
Performance monitoring and usage analytics

Data Shared

  • Anonymized usage statistics
  • Performance metrics
  • Aggregate user behavior

Protection

  • No personal identifiers shared
  • Aggregate data only
  • GDPR compliant processing
Geolocation (IPBase)
Geographic analytics for QR code scans

Data Shared

  • IP addresses (for geolocation only)
  • No personal information
  • No data storage by provider

Protection

  • City/region level accuracy only
  • IP addresses anonymized after 30 days
  • No precise location tracking

International Data Transfers

Data Residency

  • Primary servers located in EU/EEA data centers
  • Backup locations in adequate protection jurisdictions
  • No transfers to countries without adequate protection

Safeguards

  • Standard Contractual Clauses for all transfers
  • Regular review of transfer mechanisms
  • Additional encryption for sensitive data

Cookie Policy

Essential Cookies
Required for basic functionality - no consent needed
  • Session cookies: Authentication and security (Clerk)
  • Security cookies: CSRF protection and rate limiting
  • Preference cookies: User interface preferences and settings
Analytics Cookies
Help us understand how you use our service - requires consent
  • Usage analytics: Track feature usage and performance
  • Geographic analytics: Aggregate location data for insights
  • Error tracking: Help us identify and fix issues

Cookie Consent: We provide clear consent options and allow you to withdraw consent at any time. You can manage your cookie preferences in your account settings.

Contact Information

Privacy Questions

For questions about this privacy policy or our data practices:

Email: privacy@identahub.com
Response Time: Within 48 hours
Languages: English, Dutch, German
Data Protection Officer

For formal data protection requests and compliance matters:

Email: dpo@identahub.com
Response Time: Within 30 days (legal maximum)
Jurisdiction: Netherlands (EU)
Security Incidents

To report security vulnerabilities or suspected breaches:

Email: security@identahub.com
Response Time: Within 24 hours
PGP Key: Available on request
Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

EU: Your national data protection authority
Netherlands: Autoriteit Persoonsgegevens (AP)
Directory: EDPB Member List

Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

  • We'll notify you by email at least 30 days before changes take effect
  • We'll post a notice on our website and in your dashboard
  • You'll have the opportunity to review and accept the changes
  • If you don't agree, you can delete your account before the changes take effect

Current Version Information

Version: 2.1
Last Updated: June 13, 2025
Effective Date: June 13, 2025
Previous Version: Available upon request

Questions About Your Privacy?

We're here to help. Contact our privacy team or review our other policies.

Contact Privacy TeamTerms of ServicePrivacy Settings