GDPR & CCPA Policy

1. Introduction

IPFly ("we," "our," or "us") is committed to complying with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA). This GDPR Compliance Policy outlines our approach to data protection and the rights of data subjects under GDPR.

2. Data Controller and Processor

2.1 Our Role

IPFly acts as both a Data Controller and Data Processor under GDPR:

• Data Controller: For personal data collected from our website visitors, customers, and newsletter subscribers
• Data Processor: For IP address data processed through our geolocation API services on behalf of our customers

2.2 Data Processing Agreement

We offer a Data Processing Agreement (DPA) to all business customers who use our API services to process personal data of EEA residents. The DPA outlines our obligations as a data processor and can be requested from our legal team.

3. Lawful Basis for Processing

We process personal data based on the following lawful bases under GDPR:

• Contractual Necessity: Processing necessary to fulfill our service agreements
• Legitimate Interests: Processing for our legitimate business interests while respecting data subject rights
• Consent: Where required, we obtain explicit consent for specific processing activities
• Legal Obligation: Processing required to comply with legal requirements

4. Data Subject Rights

Under GDPR, data subjects have the following rights regarding their personal data:

4.1 Right to Access

You have the right to request access to the personal data we hold about you and receive a copy of that data.

4.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data we hold about you.

4.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances.

4.4 Right to Restrict Processing

You may request temporary restriction of processing your personal data in specific situations.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

4.6 Right to Object

You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision Making

You have rights regarding automated decision making, including profiling, that produces legal effects concerning you.

5. Data Processing Principles

We adhere to GDPR's data processing principles:

• Lawfulness, fairness, and transparency: We process data lawfully and provide clear information about processing activities
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimization: We only collect data that is adequate, relevant, and necessary
• Accuracy: We take reasonable steps to ensure data accuracy
• Storage limitation: We retain data only for as long as necessary
• Integrity and confidentiality: We implement appropriate security measures
• Accountability: We demonstrate compliance with all GDPR principles

6. International Data Transfers

IPFly may transfer personal data outside the EEA. When we do, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with approved data protection standards
• Binding Corporate Rules for intra-organizational transfers

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures

8. Data Protection Officer

IPFly has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance efforts. You can contact our DPO at:

Email: dpo@ipfly.world
Address: 123 API Street, Tech City, TC 12345

9. Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.

10. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at privacy@ipfly.world. We will respond to your request within one month of receipt.

1. Introduction

IPFly ("we," "our," or "us") complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This policy outlines the rights of California consumers and our practices regarding the collection, use, and sharing of personal information.

2. Scope and Definitions

2.1 Covered Individuals

This policy applies to California residents ("consumers") as defined by CCPA/CPRA.

2.2 Personal Information

Under CCPA/CPRA, "personal information" includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

2.3 Sensitive Personal Information

We acknowledge special categories of sensitive personal information under CPRA and provide additional protections for such data.

3. Categories of Personal Information We Collect

We collect the following categories of personal information:

• Identifiers: Name, email address, IP address, account information
• Commercial Information: Subscription records, payment information, service usage data
• Internet Activity: Browsing history, interaction with our website, API usage logs
• Geolocation Data: Approximate location derived from IP addresses
• Professional Information: Business contact information for corporate accounts

4. Purposes for Collecting Personal Information

We collect personal information for the following business purposes:

• Providing and maintaining our geolocation API services
• Processing transactions and managing accounts
• Improving our services and developing new features
• Security and fraud prevention
• Legal compliance and regulatory requirements
• Marketing and communication (with consent where required)

5. California Consumer Rights

California consumers have the following rights under CCPA/CPRA:

5.1 Right to Know

You have the right to request information about:

• Categories of personal information we collect
• Sources from which we collect personal information
• Business purposes for collecting personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have collected about you

5.2 Right to Delete

You may request deletion of personal information we have collected from you, subject to certain exceptions.

5.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

5.4 Right to Opt-Out of Sale/Sharing

You have the right to opt-out of the "sale" or "sharing" of your personal information. IPFly does not sell personal information as defined by CCPA.

5.5 Right to Limit Use of Sensitive Personal Information

You may request limitations on the use and disclosure of sensitive personal information.

5.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

6. How to Exercise Your Rights

6.1 Submission Methods

You may exercise your CCPA/CPRA rights through the following methods:

• Email: support@ipfly.world

6.2 Verification Process

We will verify your identity before processing rights requests to protect your personal information.

6.3 Response Timeline

We will respond to verifiable consumer requests within 45 days, with a possible 45-day extension when reasonably necessary.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.

8. Third-Party Disclosures

We may disclose personal information to the following categories of third parties:

• Service Providers: Companies that process data on our behalf under contract
• Data Analytics Providers: Tools that help us understand service usage
• Payment Processors: Secure payment handling services
• Legal and Regulatory Authorities: When required by law

9. Minors Under 16

We do not knowingly collect personal information from minors under 16 without affirmative authorization. If we learn we have collected personal information from a minor under 16, we will delete that information.

10. Authorized Agents

California consumers may use authorized agents to exercise CCPA/CPRA rights on their behalf. Authorized agents must provide proof of authorization and verify their own identity.

11. Financial Incentives

We do not offer financial incentives or price differences in exchange for the retention or sale of personal information.

12. Contact Information

For questions about this CCPA/CPRA policy or to exercise your rights, please contact us:

Email: support@ipfly.world