Last updated: March 25, 2026
This Privacy Policy describes how idataweb LLC, doing business as idataweb ("we," "us," or "our"), collects, uses, discloses, and protects your personal information when you visit our website at idataweb.com (the "Site"), use our services, or interact with us in any way. We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws. By using our Site or services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Site or services.
The data controller responsible for your personal data is: **idataweb LLC** Miami, Florida, United States Email: [email protected] Phone: +1 (786) 671-2484
We use your personal information for the following purposes: - **Service delivery:** To provide, maintain, and improve our services, including project management, communication, and support. - **Account management:** To create and manage your account, process payments, and send transactional emails. - **Communication:** To respond to your inquiries, send project updates, and provide customer support. - **Marketing:** To send newsletters and promotional materials (only with your consent; you can opt out at any time). - **Analytics:** To understand how our Site is used and to improve user experience, content, and performance. - **Security:** To detect, prevent, and address fraud, abuse, security risks, and technical issues. - **Legal compliance:** To comply with applicable laws, regulations, and legal processes.
For users in the European Economic Area (EEA) and the United Kingdom, we process personal data based on the following legal grounds: - **Consent:** When you opt in to marketing communications or accept non-essential cookies. - **Contract performance:** When processing is necessary to deliver services you have requested or to manage your account. - **Legitimate interests:** For analytics, security monitoring, and improving our services — provided these interests do not override your fundamental rights. - **Legal obligation:** When processing is required to comply with applicable laws.
We do not sell your personal information. We share data only in the following circumstances: - **Service providers:** We use third-party services to operate our business, including: - **Stripe** — Payment processing (PCI DSS compliant) - **Resend** — Transactional email delivery - **Google Analytics** — Website analytics (anonymized IP) - **Sentry** — Error monitoring and performance tracking - **Cloudinary** — Image and video hosting/CDN - **HubSpot/Salesforce** — CRM and lead management - **OneTrust** — Cookie consent management - **Tawk.to/Crisp** — Live chat support - **Legal requirements:** We may disclose your information if required by law, court order, or governmental regulation. - **Business transfers:** In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity. - **With your consent:** We may share your information for other purposes with your explicit consent.
We retain your personal information only as long as necessary for the purposes described in this policy: - **Account data:** For the duration of your account, plus 30 days after deletion request. - **Project data:** For the duration of the project, plus 3 years for contractual and warranty purposes. - **Contact form submissions:** 2 years from the date of submission. - **Payment records:** 7 years as required by US tax law. - **Analytics data:** 26 months (Google Analytics default). - **Support tickets:** 3 years from resolution. - **Marketing data:** Until you unsubscribe or withdraw consent. After the retention period, data is securely deleted or anonymized.
We use cookies and similar technologies categorized as follows: - **Strictly Necessary (C0001):** Essential for the Site to function. Cannot be disabled. Examples: session cookies, CSRF tokens, authentication cookies. - **Performance (C0002):** Help us understand how visitors use the Site. Examples: Google Analytics, Sentry. - **Functional (C0003):** Enable enhanced functionality. Examples: language preference, live chat widget (Tawk.to/Crisp). - **Targeting (C0004):** Used for marketing and A/B testing. Examples: Google Tag Manager marketing tags, Primer. You can manage your cookie preferences at any time through the cookie settings banner (powered by OneTrust). Non-essential cookies are only set after you provide consent. For more details, refer to the cookie settings accessible via the banner or footer of our Site.
Your personal data may be transferred to and processed in the United States, where our servers and primary business operations are located. For transfers from the EEA/UK, we rely on: - Standard Contractual Clauses (SCCs) approved by the European Commission. - Service providers with adequate data protection certifications (e.g., Stripe's PCI DSS compliance). By using our services, you consent to the transfer of your data to the United States.
We implement appropriate technical and organizational measures to protect your personal data, including: - HTTPS/TLS encryption for all data in transit. - Encrypted databases for data at rest. - Role-based access control (RBAC) for internal systems. - Regular security audits and vulnerability assessments. - Secure authentication with optional two-factor authentication (2FA). - Automated backups with encrypted storage. - Content Security Policy (CSP) headers. - Rate limiting and DDoS protection. No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Our Site and services are not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 16, we will delete it promptly. If you believe we have collected information from a child, please contact us at [email protected].
Our Site may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify you via email (if you have an account) or through a prominent notice on our Site. We encourage you to review this policy periodically.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: **idataweb LLC** Miami, Florida, United States Email: [email protected] Phone: +1 (786) 671-2484 For GDPR-related inquiries, you may also lodge a complaint with your local data protection authority.