Privacy Policy

Effective Date: 09/30/2025

1. Who We Are

Isaco (“we,” “us,” “our”) provides [describe services]. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with applicable laws, including the EU General Data Protection Regulation (“GDPR”) and U.S. state privacy laws (such as the California Consumer Privacy Act as amended by the CPRA).

2. Data We Collect

We collect the following categories of information:

  • Identifiers: Name, email, phone number, account credentials.
  • Commercial Information: Purchase history, service usage.
  • Technical Data: IP address, browser type, device identifiers, cookies.
  • Financial Data: Payment card details (processed via third-party providers).
  • Geolocation Data: Approximate location derived from IP.
  • User-Generated Content: Files, messages, or other content you upload.

We do not knowingly collect data from children under 16.

3. How We Use Your Data

We use personal data for:

  • Providing, personalizing, and improving services.
  • Processing transactions and payments.
  • Customer support and communication.
  • Security, fraud prevention, and legal compliance.
  • Marketing and analytics (with opt-out/consent where required).

Legal Basis (GDPR): Contract performance, legal obligation, legitimate interests, and consent where applicable.

4. How We Share Your Data

We may share your personal data with:

  • Service Providers: Hosting, analytics, payment processors, customer support.
  • Business Transfers: In the event of a merger, acquisition, or sale.
  • Legal Compliance: Where required by law or legal request.
  • Advertising Partners: Only with consent (EU) or subject to opt-out rights (US).

We do not sell personal data in the traditional sense. However, we may “share” personal data for targeted advertising as defined under U.S. laws.

5. International Data Transfers

If you are in the EEA, UK, or Switzerland, we may transfer your data outside your region. Where we do, we use safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where applicable.

6. Your Rights

Under GDPR (EU/UK/EEA):

  • Access your data.
  • Correct inaccuracies.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent.
  • Lodge a complaint with your supervisory authority.

Under U.S. State Laws (e.g., CCPA/CPRA):

  • Right to know categories and specific data collected.
  • Right to delete personal data.
  • Right to correct inaccurate information.
  • Right to opt-out of sale/sharing of personal data.
  • Right to non-discrimination for exercising your rights.

7. Data Retention

We retain personal data as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes.

8. Security

We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9. Cookies and Tracking

We use cookies and similar technologies for functionality, analytics, and advertising. EU/UK users will be asked for consent before non-essential cookies are set. U.S. users may opt-out through browser settings or our “Do Not Sell/Share My Personal Information” link.