Privacy Policy

How eIDAS Pro protects your privacy and handles personal data

Last Updated: January 29, 2026

1. Introduction

eIDAS Pro ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our digital identity verification services.

Our service is built on the principles of privacy-by-design and data minimization, in full compliance with the General Data Protection Regulation (GDPR) and the eIDAS Regulation.

2. Data Controller

eIDAS Pro acts as a data processor on behalf of our customers (data controllers) who integrate our verification services into their applications. For direct communications with eIDAS Pro (website visits, support inquiries, consultations), eIDAS Pro is the data controller.

Contact Information:
Email: support [at] eidas-pro.com
LinkedIn: linkedin.com/company/eidas-pro

3. Information We Collect

3.1 Verification Service Data

When users verify their identity through our service, we temporarily process:

  • Identity document data (as provided by eIDAS-compliant national identity systems)
  • Verification results (success/failure status)
  • Transaction metadata (timestamp, verification type, country)

Important: We do NOT store identity document data after verification completes. All verification happens in real-time, and sensitive personal data is immediately discarded after the result is returned to the requesting application.

3.2 Website and Marketing Data

When you visit our website or interact with our services, we may collect:

  • Contact information (name, email, company) when you fill out forms
  • Technical data (IP address, browser type, device information, cookies)
  • Usage data (pages visited, time spent, referral source)
  • Communication data (support tickets, consultation notes)

3.3 Customer Account Data

For customers who integrate our API, we collect:

  • Account credentials (email, encrypted password or OAuth tokens)
  • Billing information (processed securely through third-party payment providers)
  • API usage statistics (number of verifications, error rates)

4. How We Use Your Information

We use collected data for:

  • Service Delivery: Processing identity verifications, managing API access, providing technical support
  • Security: Detecting fraud, preventing unauthorized access, maintaining system integrity
  • Analytics: Improving service performance, understanding usage patterns, optimizing user experience
  • Communication: Responding to inquiries, sending service updates, providing customer support
  • Legal Compliance: Meeting regulatory requirements, responding to legal requests, enforcing terms

5. Data Storage and Retention

Verification Data: Identity document data is NOT stored. We only retain anonymized verification transaction logs (without personal data) for 90 days for service quality monitoring.

Account Data: Customer account information is retained for the duration of the service relationship plus 7 years for legal and accounting purposes.

Marketing Data: Contact information from website forms is retained until you unsubscribe or request deletion.

All data is stored on secure servers within the European Union, ensuring compliance with GDPR data residency requirements.

6. Data Sharing and Third Parties

We do NOT sell your personal data. We may share data with:

  • Service Providers: Cloud hosting (AWS/Railway), email services (Resend), error monitoring (Sentry), analytics (privacy-focused tools only)
  • Payment Processors: Freemius for subscription billing (they handle payment card data, we never see it)
  • Legal Authorities: When required by law, court order, or to protect our legal rights
  • Business Transfers: In case of merger, acquisition, or sale (with advance notice to you)

All third-party processors are bound by data processing agreements and GDPR-compliant safeguards.

7. For API Customers (B2B)

If you integrate eIDAS Pro's verification API into your application:

Your Role: DATA CONTROLLER

You are the data controller for any verification results you store in your systems.

What This Means - You Still Need:

  • Privacy policy disclosing eIDAS verification use
  • Retention policy for verification logs (we recommend 30-90 days)
  • Deletion procedures for expired data
  • Data subject request handling (access, deletion requests)
  • Basic security measures for stored verification results

What You DON'T Need:

  • Special category data handling (no biometrics stored)
  • Document storage security infrastructure
  • Image retention and redaction workflows
  • Complex DPIA for high-risk processing

Important: The significant data reduction (95-99% less than traditional KYC) dramatically simplifies compliance but does not eliminate GDPR obligations entirely.

8. Your Rights Under GDPR

You have the right to:

  • Access: Request a copy of your personal data we hold
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Opt out of marketing communications or certain processing activities
  • Lodge a Complaint: File a complaint with your national data protection authority

To exercise these rights, contact us at support [at] eidas-pro.com. We will respond within 30 days.

9. Security Measures

We implement industry-standard security practices:

  • End-to-end encryption for all data transmission (TLS 1.3)
  • Encrypted database storage with access controls
  • Regular security audits and penetration testing
  • Rate limiting and DDoS protection
  • Automated vulnerability scanning and patching
  • Strict employee access controls and training
  • Incident response procedures with breach notification within 72 hours

10. Cookies and Tracking

Our website uses minimal, essential cookies only:

  • Session Cookies: Maintain your login state
  • Preference Cookies: Remember your settings
  • Analytics Cookies: Privacy-focused analytics (no personal data shared with third parties)

We do NOT use advertising cookies or behavioral tracking. You can control cookies through your browser settings.

11. International Data Transfers

All data processing occurs within the European Union. If we must transfer data outside the EU, we ensure adequate safeguards through:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding corporate rules

12. Children's Privacy

eIDAS Pro is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated "Last Modified" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, requests, or concerns:

Email: support [at] eidas-pro.com
Subject Line: Privacy Request - [Your Request Type]
Response Time: Within 30 days (as required by GDPR)

For urgent security matters, please use the subject line "URGENT: Security Issue" and we will respond within 24 hours.
