GDPR Policy

1. Overview

IPFly is committed to compliance with the General Data Protection Regulation (GDPR) for our European Union customers and users. This policy outlines how we handle personal data in accordance with GDPR requirements.

The GDPR gives EU residents greater control over their personal data and imposes strict rules on those hosting and processing this data.

2. Data Controller Information

IPFly acts as the data controller for personal data collected through our services. For GDPR-related inquiries, please contact us at:
[email protected]

3. Lawful Basis for Processing

We process personal data on the following lawful bases:

Contract Performance: Processing necessary to fulfill our API service agreement with you
Legitimate Interests: Improving our services, fraud prevention, and security
Legal Obligation: Compliance with applicable laws and regulations
Consent: Where you have given explicit consent (e.g., marketing communications)

4. Types of Data Processed

In the course of providing our services, we may process:

Account information (name, email address, billing details)
API usage data (request logs, IP addresses queried)
Technical data (your IP address, browser type, access timestamps)
Communication data (support tickets, email correspondence)

5. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

Right of Access (Art. 15): Obtain a copy of your personal data we process
Right to Rectification (Art. 16): Correct inaccurate or incomplete data
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
Right to Restriction (Art. 18): Restrict how we process your data
Right to Portability (Art. 20): Receive your data in a machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests
Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions with significant effects

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:

Account data: Retained for the duration of your account plus 3 years
API request logs: Retained for 90 days for security and billing purposes
Billing records: Retained for 7 years as required by financial regulations

7. Data Transfers Outside the EEA

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data to the same standard required within the EEA.

8. Data Security

We implement technical and organizational measures to protect your personal data, including:

Encryption of data in transit (HTTPS/TLS)
Encryption of sensitive data at rest
Access controls and authentication mechanisms
Regular security audits and vulnerability assessments

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

10. Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with GDPR requirements. You may also contact us directly to resolve any concerns before escalating to a supervisory authority.

11. Contact Our DPO

For all GDPR-related requests and inquiries, please contact us at:
[email protected]