This Privacy Policy explains how idAItion™ ("idAItion", "we", "us") collects, uses, shares, and safeguards personal information when you: (i) visit idaition.com (the Website), (ii) use the Redirector Studio (the Portal), (iii) interact with our link‑redirect backend via NFC/QR or other connected links (the Redirects), and (iv) shop in our Online Store (the Store).
By accessing or using our services, you agree to this Policy. If you do not agree, please refrain from using our services.
1. Who we are & how to contact us
- Controller: idAItion
- Physical Address: 3234 48th Street, AP 3L, Long Island City, NY, 11103, US.
- Privacy contact: projects@idaition.com
2. Scope & key definitions
Users: visitors of the Website and/or Store shoppers.
Clients: organizations or individuals with Portal accounts to create, manage, and analyze connected objects.
End Users: individuals who interact with connected objects (NFC/QR) or direct links and are redirected to a destination URL.
The Services: covers the Website, Portal, Redirects (including analytics endpoints), and the Store.
2.1. Roles in the Treatment of Personal Information
idAItion as Controller: We are responsible for the data of our Clients (those with Portal accounts) and Users of the Online Store. This includes registration information, billing details, and service usage analytics intended to optimize the system.
idAItion as Processor: We act as technology providers (Processors) when our Clients use Lead Pages to capture information from their own end users. In this scenario, the Client is the Controller who determines the purpose of said collection, and idAItion processes the data following their instructions exclusively.
3. Information we collect
3.1. Information you provide directly
- Portal account (Clients): Name, login email (magic link), organization, internal identifiers, and preferences.
- Store (Users): Contact details (name, billing/shipping address, phone, email); Financial information (tokenized payment card details, transaction records); and Shopping Preferences (items viewed, cart additions, wishlists, and returns/exchanges).
- Support: Messages, attachments, and metadata.
- Brand kit & creatives: Logos, fonts, and design files for 3D-printed NFC/QR merchandise. You are responsible for having the necessary rights and licenses for any material you provide.
3.2. Information collected automatically
- Redirect events (NFC/QR/Links): Timestamp, object slug/ID, destination URL, browser headers (user-agent), IP address (to infer approximate city/country), and referrer.
- Website/Portal/Store: Server logs, cookies, pages viewed, time on page, and device/browser details.
- Device & Usage: We collect information about your device, browser, network connection, IP address, and how/when you navigate the Services.
IP & geolocation note: We infer only approximate location (city/country) from IP. Lookups may be performed with geolocation providers under their privacy/licensing terms.
4. Purposes and legal bases (GDPR)
| Purpose | Examples | Legal basis |
|---|
| Service delivery | Portal access, slug generation, redirection | Contract |
| Analytics & improvement | Site performance, usage metrics | Legitimate interests |
| Payments & billing | Charges, subscriptions, receipts | Contract / Legal obligation |
| Customer support | Responding to inquiries | Legitimate interests / Contract |
| Compliance & security | Abuse/fraud detection | Legal obligation / Legitimate interests |
5. Cookies, SDKs & similar technologies
We use first-party and third-party cookies for essential functionality, analytics, and preferences. A cookie banner allows you to manage non-essential categories, and we honor Global Privacy Control (GPC) signals where feasible.
6. Data Retention
- Link/Redirect Technical Events (NFC/QR/Virtual): idAItion stores technical event data for 180 days. After this period, data is aggregated/anonymized or deleted.
- Lead Information (Personal Contact Data): Personal information captured via Lead Pages is retained for 90 days to allow Client access and export, after which it is permanently deleted.
- E-commerce/Account Data: For the life of the account or as required for legal/tax obligations.
7. How we share information
- Processors: We share data with service providers for payments, hosting, databases, operations/CRM, and transactional email.
- Legal compliance: we may disclose information to authorities or third parties when required by law or to protect the rights, property, and safety of idAItion, Clients, and Users.
- No Sale: We do not sell personal information.
7.1. Relationship with Shopify
Some services are hosted by Shopify. They collect and process your information to provide and improve the Services. This includes using enhanced features that incorporate data from your interactions with our Store and other merchants to help protect and grow our business (e.g., fraud prevention). You can learn more via the Shopify Consumer Privacy Policy.
8. Security
We apply technical measures including encryption in transit, access controls, and environment segregation. We recommend secure session practices like magic links.
9. Your privacy rights
9.1. EU/EEA/UK (GDPR)
You have the rights of access, rectification, erasure, portability, restriction, and objection. Where processing is based on consent, you may withdraw it at any time. Contact: projects@idaition.com.
9.2. United States state laws (e.g., California CPRA; Colorado/Connecticut/Virginia, etc.)
Depending on your state, you may have the rights to: know/access, correct, delete, opt out of Sale/Sharing and targeted advertising, limit the use/disclosure of sensitive information, and non‑discrimination for exercising rights. Submit a verifiable request to projects@idaition.com with subject "Privacy Rights Request".
GPC: We honor Global Privacy Control signals to stop "sharing" for advertising where applicable.
9.3. Notice at collection (California and similar regimes)
Categories collected: identifiers (e.g., email, device IDs), commercial information (orders), internet/network activity (pages/events/logs), geolocation (approximate city/country via IP), inferences (aggregated metrics only), and customer records (billing/shipping). Sources: you, your device/activity, and service providers. Purposes: as outlined in Sections 4–6. Retention: as in Section 6. Disclosure: to processors listed in Section 7. Sale/Sharing: we do not sell; we only share for processing as described; opt‑out mechanisms provided where required.
10. Processing Services for Clients
idAItion facilitates the connection between the physical and digital worlds, allowing Clients to collect strategic data through hybrid interactions.
- Omnichannel Interaction: Data may be captured via physical interactions (NFC/QR) or virtual interactions through direct links shared on social networks or digital profiles.
- Voluntary Capture: Information is obtained when an end user chooses to complete a form on a destination page provided by the idAItion system on behalf of the Client.
- Consent and Transparency: The system blocks form submission until the end user accepts idAItion's terms and the notice that their data will be shared with the Client.
- Client Responsibility: idAItion does not control the subsequent use the Client makes of these leads. Clients must use analytics and leads in accordance with applicable law and their own privacy notices.
10.1. Lead Storage and Protected Export
- Storage Infrastructure: Captured leads are stored within secure server infrastructures with strict access controls and encryption in transit.
- Protected Export: Clients may download leads via compressed and encrypted files. The system generates automatic decryption keys sent only to the registered email of the account holder.
- Technical Audit: idAItion reserves the right to audit or automatically scan the content of capture pages to prevent fraud, phishing, or activities that violate our community standards.
11. Children's privacy
Our services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children.
12. Creative assets & file handling
For personalized products, we process uploaded files for preview, production, and quality assurance. Brand assets are retained for the project duration and a reasonable period for reorders.
13. Databases, logs & processing location
We process data using infrastructure located in the U.S. and/or the EU, depending on provider availability. Where applicable, we apply international transfer safeguards (see §7).
14. Changes to this Policy
We may update this Policy to reflect changes. Material changes will be notified via banner or email.
15. Use of Artificial Intelligence (AI)
idAItion utilizes advanced Artificial Intelligence and Large Language Models (LLMs) to enhance service delivery, design efficiency, and analytical insights.
- Generative AI for Design: We use AI tools to assist in the creation of personalized Lead Pages and the generation of creative assets (such as images, stylized backgrounds, or layouts). These tools process design preferences and brand assets provided by the Client to produce high-fidelity marketing materials.
- Privacy-First Data Analysis: For service improvement and reporting, we utilize AI to analyze event trends. This processing is performed using aggregated and anonymized JSON summaries of event metadata. No personally identifiable information (PII) of End Users (leads) is shared with these AI providers.
- Data Training Policy: We utilize enterprise-grade API integrations that, by default, do not use idAItion's proprietary data or Client information to train their public models.
16. AI Service Disclaimers
While our AI integrations are designed to provide high-quality outputs, the following apply:
- Accuracy of Insights: Statistical summaries or business insights generated by AI are intended for informational purposes only. idAItion does not guarantee the 100% accuracy of AI-generated predictions or data interpretations.
- Creative Content Review: The Client is solely responsible for reviewing and approving all AI-generated designs, images, and Lead Page copy before publication or use in commercial campaigns. idAItion is not liable for "hallucinations" or inaccuracies produced by third-party generative models.
- Intellectual Property: Clients must ensure they have the necessary rights to any brand assets they provide as "prompts" or inputs for AI processing. idAItion grants the Client rights to the final outputs as per our standard Terms of Service, subject to the licensing terms of the underlying AI providers.
17. Exercising your rights / contacting us
Email: projects@idaition.com
Suggested subject: "Privacy Rights Request"
18. Related documents
- Terms of Service
- Data Processing Addendum (DPA) for Clients (available upon request)
Questions about this Policy or need another language version? Contact projects@idaition.com.