Privacy Policy

Effective date: June 1, 2025 · Infinite Technologies · GDPR Compliant

Our commitment in plain language: We do not sell, rent, share, or use your data for advertising, marketing, or targeting purposes. Your data belongs to you. We only process the minimum necessary to provide our Services.

1. Who We Are

Infinite Technologies ("we", "us", "our") is the data controller responsible for your personal data. We are a software company that develops and operates subscription-based SaaS applications. You can reach our privacy team at:

Email: privacy@infinitechs.online
Website: infinitechs.online

2. What Data We Collect & Why

We collect only the data that is strictly necessary to provide, maintain, and improve our Services. The legal bases under GDPR are noted for each category.

Data Category	Examples	Purpose	Legal Basis (GDPR)
Account data	Name, email, password (hashed)	Account creation & authentication	Contract (Art. 6(1)(b))
Billing data	Subscription plan, invoice history	Processing payments via Paddle	Contract (Art. 6(1)(b))
Usage data	Feature usage logs, session metadata	Service reliability & debugging	Legitimate interest (Art. 6(1)(f))
Support data	Messages sent to support	Responding to your requests	Contract (Art. 6(1)(b))
Technical data	IP address, browser type, timezone	Security, fraud prevention	Legitimate interest (Art. 6(1)(f))

We do not collect sensitive personal data (health, biometric, racial, political, or religious data) and we do not collect data from children under 16.

3. How We Use Your Data

Your data is used exclusively to:

Provide, operate, and maintain the Services you subscribed to;
Send transactional emails (account confirmation, password resets, invoices, service notices);
Detect and prevent fraud, abuse, and security threats;
Comply with legal obligations (e.g. tax records, GDPR requests).

We do not use your data for behavioural advertising, profiling, or marketing. We do not sell or share your data with third parties for their own marketing purposes.

4. Customer Content & Data Isolation

Any data you create, store, or process within our applications ("Customer Content") belongs entirely to you. We operate with a strict principle of data isolation:

Infinite Technologies employees and contractors do not access, view, or analyse your Customer Content under any normal operating circumstance;
Access may only occur if explicitly requested by you for technical support, or if required by law;
Your Customer Content is never used to train models, improve our products, or for any other internal purpose without your explicit, written consent.

5. Cookies & Tracking

We use only essential, functional cookies necessary to operate our Services (e.g. session authentication). We do not use advertising cookies, tracking pixels, or third-party analytics that profile you across websites. You may control cookies through your browser settings.

6. Third-Party Sub-Processors

We share limited data with trusted sub-processors who assist us in delivering our Services. All sub-processors are bound by data processing agreements and are GDPR-compliant:

Paddle – Payment processing and billing (acts as Merchant of Record; see Paddle Privacy Policy);
Cloud infrastructure provider – Secure hosting of application data (EU or adequately protected region);
Email delivery provider – Transactional email delivery only.

We do not integrate advertising networks, social media pixels, or data brokers into our Services.

7. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. You may request details of applicable transfer mechanisms by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary:

Active account: for the duration of your subscription;
After cancellation: up to 90 days, to allow account recovery and handle outstanding support requests;
Billing records: up to 7 years, as required by tax and accounting obligations;
Anonymised analytics: may be retained indefinitely as they cannot be linked to you.

9. Your Rights Under GDPR

If you are in the European Economic Area or the UK, you have the following rights:

Right of Access Obtain a copy of the personal data we hold about you.

Right to Rectification Correct inaccurate or incomplete data.

Right to Erasure Request deletion of your data ("right to be forgotten").

Right to Restriction Limit how we process your data in certain circumstances.

Right to Portability Receive your data in a structured, machine-readable format.

Right to Object Object to processing based on legitimate interests.

Right to Withdraw Consent Where processing is consent-based, withdraw at any time.

Right to Complain Lodge a complaint with your local supervisory authority.

To exercise any right, contact us at privacy@infinitechs.online. We will respond within 30 days as required by GDPR. Requests are free of charge unless manifestly unfounded or excessive.

10. Data Security

We implement industry-standard technical and organisational security measures to protect your data, including:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
Access controls and role-based permissions for internal systems;
Regular security assessments and vulnerability management;
Incident response procedures with GDPR-compliant breach notification (within 72 hours to authorities; without undue delay to affected users, where required).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent in-app notice at least 14 days before they take effect. The "Effective date" at the top of this page will always reflect the most recent version.

12. Contact & Complaints

For any privacy-related questions or to exercise your rights, contact us at privacy@infinitechs.online.

If you are not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

→ Terms of Service → Refund Policy