1. About this policy

This Privacy Policy explains how iDelegate (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our services, including the iDelegate platform, websites, and related applications (collectively, the “Service”).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data controller

For the purposes of applicable data protection laws, iDelegate acts as a controller of such data. If you have questions about this Privacy Policy or your data, you may contact us at:
privacy@idelegate.io.

3. Personal data we collect

We collect the following categories of personal data:

2.1 Data you provide

We collect and store data that you may input or change in the system including name, surname, job title, account credentials, support requests, uploaded documents or content and preferences and settings.

2.2 Data collected automatically

We collect data pertaining to your visits such as IP address, browser type and version, device information, log data (timestamps, pages visited, errors) and authentication events (login, logout, MFA events).

We do not use tracking cookies or marketing cookies unless explicitly stated.

2.3 Data processed on behalf of clients

Because your company uses iDelegate to manage internal policies, documents, or workflows, we process the data you upload as a data processor, not a controller.

This data includes: user accounts created by your organisation, policy documents, delegation workflows, audit logs and internal notes.

Your organisation remains responsible for this data.

4. Legal basis for processing

We process personal data under the following legal bases:

  • Contractual necessity – to provide and operate the Service
  • Legitimate interest – to secure, improve, and support the Service
  • Legal obligation – to comply with applicable laws
  • Consent – where explicitly required (e.g., optional analytics)

5. How we use personal data

We use personal data to:

  • Provide access to the Service
  • Authenticate users and secure accounts
  • Deliver notifications and administrative messages
  • Improve platform performance and reliability
  • Provide customer support
  • Maintain audit logs for security and compliance
  • Prevent fraud and unauthorised access
  • Comply with legal obligations

We do not sell personal data.

6. Cookies and tracking technologies

iDelegate service uses essential cookies only, such as session cookies, CSRF protection cookies, and authentication cookies. These are required for the platform to function.

If we introduce analytics or non‑essential cookies in the future, we will update this policy and request consent where required.

7. Data sharing and sub‑processors

We may share data with trusted service providers who help us operate the Service, such as cloud hosting providers, email delivery services, authentication/MFA providers and error monitoring tools.

All sub‑processors are bound by GDPR‑compliant Data Processing Agreements (DPAs).

We do not share data with advertisers or data brokers. A current list of sub‑processors is available upon request.

8. International data transfers

If personal data is transferred outside the EU/EEA or your iDelegate installation’s location, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), adequacy decisions and equivalent protection measures.

9. Data retention

We retain personal data only as long as necessary for providing the Service, fulfilling contractual obligations, meeting legal and regulatory requirements or resolving disputes.

Audit logs and security logs may be retained for compliance purposes.

When data is no longer required, it is securely deleted.

10. Your rights under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where applicable)

To exercise your rights, contact: privacy@idelegate.io. We will respond within the legally required timeframe.

11. Security Measures

We implement industry‑standard security measures, including encryption, multi‑factor authentication, access controls, audit logging, regular security reviews and secure development practices.

No system is 100% secure, but we take all reasonable steps to protect your data.

12. Data processing on behalf of organisations

We process data only on behalf of corporate clients. If you use iDelegate as part of your employer’s account:

  • Your employer is the data controller
  • iDelegate is the data processor
  • We process data strictly according to your employer’s instructions

A Data Processing Agreement (DPA) is available upon request.

13. Changes to this policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or in‑app notifications.

14. Contact us

For questions, concerns, or GDPR requests, email: privacy@idelegate.io or visit our website: https://idelegate.io