Privacy Policy

Effective Date: October 1, 2025
Last Updated: October 1, 2025

Welcome to IdeaVista ("we", "us", or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our technology studio services and visit our website, in compliance with the General Data Protection Regulation (GDPR) and Dutch data protection law.

Data Controller:
IdeaVista
Amsterdam, The Netherlands
KvK Number: 97755893
Email: privacy@ideavista.dev

  1. Information We Collect
    • Personal Information: Name, email address, company name (optional), phone number (optional), payment details (processed by Stripe)
    • Project Data: Project requirements, specifications, feedback, communication records, files shared during consultations
    • Usage Data: Website analytics, IP addresses, device/browser information, error logs
    • Cookies and Tracking: See our Cookie Policy for detailed information
  2. Legal Basis for Processing (GDPR Article 6)

    We process your personal data under the following legal bases:

    • Contract Performance (Article 6(1)(b)): Processing necessary to provide our development services, project delivery, and client support
    • Consent (Article 6(1)(a)): For analytics cookies and marketing communications (where you have opted in)
    • Legitimate Interests (Article 6(1)(f)): For fraud prevention, security, improving our services, and business analytics
    • Legal Obligation (Article 6(1)(c)): For compliance with tax, accounting, and legal requirements
  3. How We Use Your Information
    • To provide, maintain, and deliver our technology development services
    • To process payments and manage client contracts (via Stripe)
    • To communicate with you about projects, consultations, and support
    • For analytics, troubleshooting, and security purposes
    • To comply with legal obligations (tax, accounting, law enforcement requests)
    • To prevent fraud and ensure website security
    • To send relevant updates about our services and technology insights (with consent)
  4. Information Sharing & Third-Party Processors

    We do not sell your personal data. We share data with the following trusted third-party processors under Data Processing Agreements (DPAs):

    • Stripe (USA): Payment processing - covered by EU Standard Contractual Clauses (SCCs)
    • Google Analytics (USA): Analytics (only with your consent) - covered by EU-US Data Privacy Framework
    • Vercel (USA): Website hosting and infrastructure - covered by EU Standard Contractual Clauses

    We maintain strict confidentiality regarding client projects and business information. We may disclose information if required by law or to protect our legal rights.

  5. International Data Transfers

    Some of our service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

    • EU Standard Contractual Clauses (SCCs) approved by the European Commission
    • Data Processing Agreements (DPAs) with all processors
    • EU-US Data Privacy Framework adequacy decisions where applicable
  6. Data Retention

    We retain your personal data for the following periods:

    • Contact Information: Until you request deletion, plus 30 days for backup purposes
    • Project Data: Duration of project engagement plus 3 years for support and reference purposes
    • Billing Records: 7 years (required by Dutch tax law)
    • Analytics Data: 24 months (anonymized)
    • Communication Records: 3 years from last contact

    After these periods, data is permanently deleted or anonymized. You can request earlier deletion by exercising your GDPR rights (see section 7).

  7. Your GDPR Rights

    Under GDPR, you have the following rights:

    • Right of Access (Article 15): Request a copy of your personal data
    • Right to Rectification (Article 16): Correct inaccurate or incomplete data
    • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
    • Right to Data Portability (Article 20): Receive your data in a machine-readable format
    • Right to Restriction of Processing (Article 18): Limit how we use your data
    • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
    • Right to Withdraw Consent (Article 7(3)): Withdraw consent for analytics cookies or marketing at any time
    • Right to Lodge a Complaint (Article 77): File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens - AP)

    How to Exercise Your Rights:
    Email us at privacy@ideavista.dev with your request. We will respond within 30 days as required by GDPR.

    Dutch Data Protection Authority:
    Autoriteit Persoonsgegevens
    autoriteitpersoonsgegevens.nl

  8. Data Security

    We implement appropriate technical and organizational measures to protect your data:

    • Encryption in transit (TLS/SSL) and at rest where applicable
    • Regular security audits and updates
    • Access controls and secure authentication
    • Secure backup procedures
    • Confidentiality agreements with employees and contractors
    • Incident response procedures

    Client project information is treated with the highest level of confidentiality and protected by professional secrecy obligations.

  9. Data Breach Notification

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

    • Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach (GDPR Article 33)
    • Notify affected individuals without undue delay if the breach poses a high risk to their rights (GDPR Article 34)
    • Provide clear information about the nature of the breach and remedial actions taken
  10. Cookies and Tracking Technologies

    We use cookies and similar tracking technologies. For detailed information about:

    • What cookies we use
    • Why we use them
    • How to manage your cookie preferences
    • Cookie consent banner requirements (Dutch DPA compliance)

    Please see our Cookie Policy.

  11. Children's Privacy

    Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete such information.

  12. Automated Decision-Making and Profiling

    We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you (GDPR Article 22).

  13. Updates to This Policy

    We may update this Privacy Policy from time to time. When we make significant changes:

    • We will update the "Last Updated" date at the top
    • We will notify active clients via email
    • We will display a prominent notice on our website

    Continued use of our Services after changes constitutes acceptance of the updated policy.

  14. Contact & Data Protection Officer

    For privacy concerns, GDPR requests, or data protection questions, contact us:

    Privacy Officer Email: privacy@ideavista.dev
    General Support: info@ideavista.dev

    Company Details:
    IdeaVista
    Amsterdam, The Netherlands
    KvK Number: 97755893
    https://www.ideavista.dev

    Note on EU Representative: As a Netherlands-based company with an establishment in the EU, we are not required to appoint an EU representative under GDPR Article 27.