Privacy Policy

How we handle and protect your information

Last updated: December 2025 Applies to all IdeaDunes public and platform services

1. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, and password when you register.
  • Profile Data: Job title, phone number, and profile picture.
  • CRM Data: Contacts, deals, tasks, emails, and other business data you enter.
  • Usage Data: How you interact with the Service, including pages visited, features used, and time spent.
  • Device Information: Browser type, operating system, screen resolution, and device identifiers.
  • Communication Data: Support tickets, feedback, and any correspondence with our team.

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Send transactional emails (password resets, account notifications).
  • Provide customer support and respond to inquiries.
  • Analyze usage patterns to improve user experience.
  • Detect, prevent, and address security issues.
  • Personalize your experience and provide relevant recommendations.
  • Generate aggregated, anonymized analytics to improve our platform.
  • Comply with legal obligations and enforce our terms.

3. Data Storage and Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Regular security audits and third-party penetration testing.
  • Role-based access controls and multi-factor authentication.
  • Automated backups with encrypted, geographically distributed storage.
  • Continuous monitoring and intrusion detection systems.
  • SOC 2 Type II compliant infrastructure.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Third-party services that help us operate (hosting, analytics, payment processing). All providers are bound by data processing agreements.
  • Legal Requirements: When required by law, court order, or to protect our rights, safety, or property.
  • With Your Consent: When you explicitly authorize sharing, such as through integrations you enable.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.

5. Sub-Processors

We use the following categories of sub-processors to deliver our Service:

  • Cloud Infrastructure: Hosting and compute services
  • Email Delivery: Transactional and marketing email services
  • Payment Processing: Secure payment handling (PCI DSS compliant)
  • Analytics: Anonymized usage analytics
  • Support Tools: Customer support and ticketing platforms

A complete list of our sub-processors is available upon request at privacy@ideadunes.com.

6. Your Rights

You have the right to:

  • Access and download your personal data in standard formats (CSV, JSON, PDF).
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Opt out of marketing communications (one-click unsubscribe in every email).
  • Export your CRM data anytime from Settings > Data Export.
  • Restrict or object to certain processing activities.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional Cookies: Remember your preferences (language, timezone, layout settings).
  • Analytics Cookies: Help us understand how the Service is used. Anonymized and aggregated.

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences in your browser settings or via our cookie banner. For more detail, see our Cookie Policy.

8. International Data Transfers

If we transfer your data outside your country of residence, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all international sub-processors
  • Encryption of data in transit and at rest for all cross-border transfers

9. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Personal data is deleted within 30 days
  • Backup copies are purged within 90 days
  • Anonymized analytics data may be retained indefinitely
  • Data required by law (tax records, legal holds) is retained as legally required

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it.

11. Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify affected users within 72 hours of discovery (per GDPR requirements)
  • We will notify relevant supervisory authorities as required by law
  • We will provide details about the breach, potential impact, and steps taken to mitigate harm
  • We will offer guidance on protective measures you can take

12. Data Protection Officer

IdeaDunes has appointed a Data Protection Officer (DPO) who can be reached at dpo@ideadunes.com for any data protection inquiries, concerns, or requests.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the latest revision.

14. GDPR and International Privacy

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, additional rights and protections apply under the GDPR. For comprehensive details about our GDPR compliance, lawful bases for processing, data subject rights, international data transfers, and our Data Processing Agreement, please see our dedicated GDPR Compliance page.

15. CCPA/CPRA (California Privacy Rights)

California residents have additional privacy rights under the CCPA and CPRA, including the right to know, delete, correct, and opt out. IdeaDunes does not sell or share personal information for cross-context behavioral advertising. For details, see our CCPA Compliance page.

16. Contact Us

For privacy-related questions, contact us at: