Privacy Policy

Version 2026.1 — 10 April 2026

We at IDEE know the value of your personal information. Protecting your private information is our priority. This privacy policy applies to IDEE GmbH and IDEE Limited ("IDEE") and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise stated, all references to IDEE include IDEE websites, mobile applications and all her products and services. By using or accessing IDEE services in any manner, you consent to the data practices and policies outlined in this Privacy Policy.

About us

We provide novel security solutions for entity authentication and authorization with user privacy at the core of our business. IDEE GmbH is a registered company () in Munich, Germany whose office is at , Germany. IDEE Limited is a registered company in the United Kingdom with an office at 114 Lakenheath London N14 4RX, United Kingdom.

What does this Privacy Policy cover?

This Privacy Policy defines what information we collect from you when you access or use IDEE GmbH ("our", "we", "us") Services ("Services"), how we use and protect it, with whom we share it, and what controls and rights you have over your information. We collect information from our users, as explained in more detail below, and we use this information internally in connection with our Services, including to personalise, provide, and improve our services, to allow you to set up a user account, to contact you, to fulfil your requests for certain products and services, and to analyse how you use the Services. In certain cases, with your permission and consent, we may share your information with third parties, but only as described in this policy.

What personal data do we collect?

To provide you with the products and services that you requested on our website, we may collect personally identifiable information listed below:

• Name
• Email address
• Phone number

For you to use our services (e.g. mobile applications), we may collect personally identifiable information listed below:

• Email address
• Phone number

How do we collect personal data?

We do not collect any personal information about you without your consent. We don't collect your personal information such as email address, or phone number from any third party.

When you use our website and request information about our products and services, we ask you to provide us with your name, email address, and phone number.

When you use our self-service website or our mobile apps, we ask you to provide us with your email address.

How do we use the collected personal data?

When you visit our website and request information about our products and services, we use your name, email address, and phone number to respond to your request.

When you use our self-service website or our mobile apps, we collect your email address and hash it immediately. We then store only the salted hash so we can identify you when you return.

How do we secure the collected personal data?

User privacy is at the core of our business. We secure your personal data from unauthorised access, use, or disclosure.

When you visit our website and request information about our products and services, your name, email address, and phone number that you entered are securely provided to us using transport layer security protocol (TLS) and stored encrypted with advanced encryption standard (AES 256-bit) key. AES 256-bit key is the most secure symmetric encryption standard available.

We don't store the email address collected when you use our self-service website or mobile apps. Your email address is hashed using password-based key derivation function version 2 (PBKDF2) to derive a digital representation that cannot be reversed to get back to your plain text email address. This means that even if we are breached, your email address is still protected. We have zero knowledge of the user credentials. More details are available on our app EULA terms and conditions.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:

• Data anonymization
• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection and privacy

Unfortunately, no data storage or transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which is beyond our control; and (b) security, integrity, and privacy of any information and data exchanged between you and us through this site or on our other products cannot be guaranteed.

How do we share collected personal data?

We don't sell, rent or lease your personal data to third parties. We may share your data with trusted third-party service providers to perform functions and provide services to us, such as:

• IT and infrastructure support
• Payment processing
• Marketing and advertising services

We may also share anonymous data such as the data we collect from your interaction with our website with third parties (such as Google and G2) to help perform statistical analysis. We do not share your email address and/or phone number or any other data that you voluntarily gave to us with any third party.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

How long do we retain personal data?

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Specific retention periods are as follows:

• Account information: Retained until you delete your account.
• Account transaction data: Retained for 90 days for security purposes and fraud prevention.
• Marketing data: Retained until you opt-out or withdraw your consent.
• We may continue to retain some information based on legitimate interest and to comply with laws and regulations.

If you have shared information with your friends and third parties while using our Services, that shared information will still be available with those third parties. You should contact them to delete your information.

International Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We ensure that appropriate safeguards are in place to protect your data, including:

• Implementing Standard Contractual Clauses approved by the European Commission.
• Ensuring that third-party service providers are certified under relevant privacy frameworks.

How do we use Cookies and similar tracking technologies?

We use cookies and similar tracking technologies to collect and use personal data about you. A cookie is a text file that is placed on your computer device by a web server. Cookies can't be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save your time. The purpose of a cookie is to tell the web server that you have returned to a specific page.

To support, develop, and enhance the Services, we use third-party analytics services, including those provided by Google Inc., Hubspot Inc., G2 and LinkedIn Inc. (collectively, "Third Party Analytics Services") to analyse how you interact and engage with the Services. The Third-Party Analytics Services use cookies, web beacons and/or other technologies to collect information about your use of the Services and other websites. Information collected may include your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information.

These cookies include:

• Essential cookies: Necessary for the operation of our website.
• Performance cookies: To analyse website usage and improve performance.
• Functional cookies: To remember your preferences and personalise your experience.
• Marketing cookies: To deliver targeted advertising.

You can manage your cookie preferences through your browser settings or by using our cookie consent tool. You have the option to opt out of Google's use of cookies by visiting google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on.

How do we use External links?

This website contains links to other sites (such as LinkedIn and Twitter). Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy policy of any other site that collects personally identifiable information.

Legal Basis for Data Processing

We process personal data based on the following legal grounds:

• Performance of a contract: To provide our services as requested by you.
• Legitimate interests: For improving our services, security purposes, and fraud prevention.
• Consent: When you have provided your explicit consent for specific purposes.
• Compliance with legal obligations: To comply with applicable laws and regulations.

What are your rights, controls and choices?

We give you total control of your personal data. Depending on the Services, you may have the following rights regarding your data:

• Access and Correction: Access your personal data and correct any inaccuracies. You can view your account data from our apps or self-service site.
• Deletion: Request the deletion of your personal data. You can also decide to delete your account from our apps or self-service site.
• Restriction: Request the restriction of processing your personal data.
• Portability: Request a copy of your personal data in a structured, machine-readable format.
• Objection: Object to the processing of your personal data.
• Withdraw Consent: Withdraw your consent at any time when we rely on consent to process your personal data.

To exercise any of these rights, use the IDEE apps or self-service sites. You can also submit a request using our Privacy & GDPR Request Form.

Cookies

This website uses only essential cookies necessary for the site to function. We do not use tracking, analytics, or marketing cookies. No cookie consent is required as no personal data is collected through cookies.

Changes to this Privacy Policy

IDEE reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal data by sending a notice to you on our app or to the email you provided to us, by placing a notice on our website and/or privacy information on this page. Your continued use of our software applications, this site and/or services available through this site after such modifications will constitute your: (a) acknowledgement of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy.

How can you contact us about this Privacy Policy?

If you have any questions or concerns about our privacy policy or practices, please use our Privacy & GDPR Request Form. This includes all GDPR-related inquiries and requests to our Data Protection Officer (DPO).