This Privacy Policy explains how idAItion™ ("idAItion", "we", "us") collects, uses, shares, and safeguards personal information when you: (i) visit idaition.com (the Website), (ii) use the Redirector Studio (the Portal), (iii) interact with our link‑redirect backend via NFC/QR or other connected links (the Redirects), and (iv) shop in our Online Store (the Store).

By accessing or using our services, you agree to this Policy. If you do not agree, please refrain from using our services.

​

1) Who we are & how to contact us

​

Controller: idAItion™ (legal entity name to be confirmed).
Privacy contact: projects@idaition.com
 

2) Scope & key definitions

​

• Users: visitors of the Website and/or Store shoppers.

• Clients: organizations or individuals with Portal accounts to create, manage, and analyze connected objects (NFC/QR).

• End Users: individuals who interact with connected objects by tapping/scanning NFC/QR and are redirected to a destination URL.

• ​

This Policy covers the Website, Portal, Redirects (including analytics endpoints), and the Store. Additional services may have supplemental terms.

​

3) Information we collect

​

3.1. Information you provide directly

• Portal account (Clients): name, login email (magic link), organization, internal identifiers (e.g., Client ID, Public Key), account preferences.

• Store (Users): billing/shipping details, email, optional phone, order history, refunds/support.

• Support: messages, attachments, communication metadata.

• Brand kit & creatives: logos, color palettes, fonts, product images, final artwork, and design files for 3D‑printed NFC/QR merchandise (including digital proofs and routing/toolpath previews). You are responsible for having the necessary rights and licenses for any material you provide.

​

3.2. Information collected automatically

• Redirect events (NFC/QR): timestamp, object slug/ID, destination URL/endpoint, browser headers (user‑agent), IP address (used to infer approximate location such as city/country via services like MaxMind GeoIP), referrer, UTM/campaign tags (if present), and result (success/error).

• Website / Portal / Store: server logs, cookies/pixels, pages viewed, time on page, clicks, device/browser, language, time zone.

​

 

IP & geolocation note: We infer only approximate location (city/country) from IP. Lookups may be performed with providers such as MaxMind under their privacy/licensing terms.

​

 

3.3. Information from third parties / integrations

• Payments: Stripe (tokenization and payment processing; we do not store full card numbers).

• CRM/Operations: Notion (client/objects management), transactional email (Postmark), email marketing tools (if any).

• Infrastructure & analytics: Vercel/Render (hosting/APIs), PostgreSQL (metrics), web analytics and error monitoring providers.

• IP geolocation: MaxMind GeoIP for approximate location inference.

• AI / image processing (for products like lithophanes or stylized assets): tools such as Stable Diffusion, ControlNet, IP‑Adapter (or equivalents), operated with safety filters and compliance controls.

• Design/layout: Canva for proofs/templates where convenient, subject to its terms and licenses.

​

4) Purposes and legal bases (GDPR)

​

​​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

 

​

You may withdraw consent (e.g., for marketing) at any time without affecting prior lawful processing.

​

5) Cookies, SDKs & similar technologies

​

We use first‑party and third‑party cookies/SDKs for: (i) essential functionality (session/login), (ii) aggregated analytics, (iii) preferences, and (iv) consent‑based marketing. A cookie banner/preferences center will allow you to accept/deny non‑essential categories. DNT/GPC (Global Privacy Control) signals are honored to disable ad‑related sharing where technically feasible.

​

6) Data retention

​

• Link/Redirect events (NFC/QR): idAItion stores event data for 180 days regardless of the plan contracted. After 180 days, data are aggregated/anonymized or deleted unless longer retention is required by law, security, or fraud‑prevention needs.

• Accounts & billing: for the life of the account and any additional period required by law (e.g., tax/accounting).

• Support: for a reasonable period for traceability and service improvement.

• ​

7) How we share information

​

• Processors (service providers):

  • Stripe (payments), Shopify/Wix (e‑commerce/checkout, if applicable), Vercel/Render (hosting), PostgreSQL (databases/metrics), Notion (operations/CRM), Postmark (transactional email), MaxMind (IP geolocation), AI providers (image generation/processing with safeguards), email marketing and error monitoring/web analytics tools.

  • These processors act under contracts (including DPAs) and implement appropriate security measures.

• Legal compliance: we may disclose information to authorities or third parties when required by law or to protect the rights, property, and safety of idAItion, Clients, and Users.

• International transfers: when transferring data outside your jurisdiction, we implement appropriate safeguards (e.g., EU/UK Standard Contractual Clauses and additional transfer impact assessments as needed).

​

We do not sell personal information. We do not share for cross‑context behavioral advertising without express consent where required by law.

​

8) Security

​

We apply reasonable technical and organizational measures (encryption in transit, access controls, logging, environment segregation). No system is 100% secure; we recommend using strong/unique credentials and secure session practices (e.g., magic links).

​

9) Your privacy rights

​

9.1. EU/EEA/UK (GDPR)

You have the rights of access, rectification, erasure, portability, restriction, and objection. Where processing is based on consent, you may withdraw it at any time. Contact: projects@idaition.com.

​

9.2. United States state laws (e.g., California CPRA; Colorado/Connecticut/Virginia, etc.)

Depending on your state, you may have the rights to: know/access, correct, delete, opt out of Sale/Sharing and targeted advertising, limit the use/disclosure of sensitive information, and non‑discrimination for exercising rights. Submit a verifiable request to projects@idaition.com with subject “Privacy Rights Request”.

GPC: We honor Global Privacy Control signals to stop “sharing” for advertising where applicable.

​

9.3. Notice at collection (California and similar regimes)

Categories collected: identifiers (e.g., email, device IDs), commercial information (orders), internet/network activity (pages/events/logs), geolocation (approximate city/country via IP), inferences (aggregated metrics only), and customer records (billing/shipping). Sources: you, your device/activity, and service providers. Purposes: as outlined in Sections 4–6. Retention: as in Section 6. Disclosure: to processors listed in Section 7. Sale/Sharing: we do not sell; we only share for processing as described; opt‑out mechanisms provided where required.

​

10) Service‑specific: Redirects (NFC/QR)

​

• When an End User taps/scans a connected object, our backend logs a technical event (see §3.2) to route to the destination URL and to produce aggregated analytics for the owning Client.

• Clients do not receive full IPs or directly identifying information about End Users; they access aggregated metrics (e.g., hits by city, device, time range).

• Clients must use analytics in accordance with applicable law and their own privacy notices to their audiences (e.g., placing privacy notices where they direct traffic).

​

11) Children’s privacy

 

Our services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child provided information, contact us to delete it.

 

12) Creative assets & file handling

 

For personalized products (e.g., lithophanes, mini‑figures, others), we process images/files you upload for: preview, digital proof, production (3D printing), quality assurance, and delivery. We may keep minimal versions necessary for traceability, warranties, and abuse prevention, following limited retention periods. You may request deletion where legally permissible.

​

Brand assets & NFC/QR merchandise designs: We retain logos, artwork, and design files for the duration of the project and for reasonable periods to enable re‑orders/support (unless deletion is requested). When we use tools like Canva to prepare proofs/style guides, we do so under Canva’s licenses/terms; we do not resell your assets.

​

13) Databases, logs & processing location

​

We process data using infrastructure located in the U.S. and/or the EU, depending on provider availability. Where applicable, we apply international transfer safeguards (see §7).

​

14) Changes to this Policy

​

We may update this Policy to reflect legal, technical, or business changes. The current version will be indicated by the “Last updated” date. For material changes, we will provide reasonable notice (e.g., banner or email).

​

15) Exercising your rights / contacting us

​

• Email: projects@idaition.com

• Suggested subject: “Privacy Rights Request”

• Include: country/state of residence, the right(s) you wish to exercise, and details necessary for identity verification.

​

16) SEO‑friendly quick summary

​

• What we collect: account data, tokenized payments, technical NFC/QR event data (IP for approximate geolocation), cookies/analytics, and brand assets for 3D‑printed merchandise.

• Why: deliver services, security, aggregated analytics, improvements, support, billing, consent‑based marketing.

• With whom: contracted processors (Stripe, hosting, databases, analytics, CRM/Notion, Postmark, MaxMind, AI tools, Canva).

• Your rights: access, correction, deletion, portability; U.S. opt‑out rights where applicable.

• Retention: 180 days for link events (all plans); then aggregate/anonymize or delete.

• Security: encryption in transit, access controls, good practices.

​

17) Reference list of processors (subject to change)

​

• Payments: Stripe.

• E‑commerce: Shopify and/or Wix (depending on deployment).

• Hosting/Infra: Vercel, Render.

• Databases/Metrics: Managed PostgreSQL.

• Operations/CRM: Notion.

• Transactional email: Postmark.

• IP geolocation: MaxMind GeoIP.

• AI/Image: tools such as Stable Diffusion, ControlNet, IP‑Adapter (or equivalents) with safety/compliance filters.

• Design/Proofing: Canva (where applicable, subject to licenses).

• Error monitoring/web analytics: (pixeles).

 

Important: We will update this list when we add or remove material processors.

 

18) Related documents

​

• Terms of Service 

• Data Processing Addendum (DPA) for Clients (available upon request)

• Cookie Policy 

​

Developer/Client technical notes (informational)

​

• The Portal and APIs generate slugs per client and connected object; metrics are associated with those slugs.

• When a link/slug is deleted, aggregated analytics may persist for statistical and security purposes; direct identifiers are minimized/aggregated per §6.

• The analytics retention window is fixed at 180 days for Redirect events across all plans, after which we aggregate/anonymize or delete the underlying logs.

 

Questions about this Policy or need another language version? Contact projects@idaition.com.