GDPR
Last updated: Jan 1, 2026
Ideali (“Ideali”, “we”, “our”, or “us”) operates a software-as-a-service (SaaS) donation platform that enables organizations and individuals to collect and manage donations online (the “Service”).
This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
- Data Controller
Ideali acts as a Data Controller for personal data processed in connection with user accounts, platform operations, and website usage.
Controller: Ideali
Contact Email: info@ideali.io
If you have any questions about this Privacy Policy or your personal data, you may contact us using the details above.
- Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Account & Organization Data
- Full name
- Email address
- Organization name
- Role or title
- Account login credentials
2.2 Donor Data
- Name
- Email address
- Donation amount
- Donation date and frequency
- Optional donor messages
Note: Ideali does not store full payment card details. Payments are processed by certified third-party payment providers.
2.3 Technical & Usage Data
- IP address
- Browser type and device information
- Log files and usage statistics
- Cookies and similar technologies
- Legal Bases for Processing (GDPR Article 6)
We process personal data only when at least one legal basis applies:
- Performance of a contract – to provide the Service
- Legal obligation – accounting, tax, and compliance requirements
- Legitimate interests – platform security, fraud prevention, and service improvement
- Consent – marketing communications or optional cookies
You may withdraw consent at any time.
- How We Use Personal Data
We use personal data to:
- Provide and operate the Ideali platform
- Process and manage donations
- Communicate with users and donors
- Ensure platform security and prevent fraud
- Improve performance and user experience
- Meet legal and regulatory obligations
- Data Processors & Third Parties
Ideali may share personal data with trusted Data Processors, including:
- Payment processors
- Cloud hosting providers
- Analytics and monitoring services
- Customer support tools
All processors are contractually bound to comply with GDPR and process data only on our instructions.
- International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, including:
- EU Standard Contractual Clauses (SCCs)
- Transfers to countries with an EU adequacy decision
- Data Retention
We retain personal data only as long as necessary:
- Account data: for the duration of the account + legal retention period
- Donation records: as required by financial and tax laws
- Technical logs: typically up to 12 months
After expiration, data is securely deleted or anonymized.
- Your GDPR Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
To exercise your rights, contact us at info@ideali.io
Know Your GDPR Rights
The GDPR gives you powerful rights over your personal data. Here’s what you can do.
Legal Bases for Processing
We only process your data when we have a lawful basis to do so
Consent
When you explicitly agree to data processing
Contract
Processing necessary to fulfill our service agreement
Legal Obligation
When we must comply with legal requirements
Legitimate Interest
For business purposes that don’t override your rights
How We Protect Your Data
Technical and organizational measures we employ
Encryption at Rest
AES-256 encryption for all stored data
Encryption in Transit
TLS 1.3 for all data transfers
Access Controls
Role-based access with multi-factor authentication
Regular Audits
Annual third-party security assessments
Data Minimization
We only collect what’s necessary
Breach Notification
72-hour notification as required by GDPR
