JTL HostingFeaturesPricingSecurityAbout
Sign inStart Now
JTL HostingFeaturesPricingSecurityAbout
Sign inStart Now

Managed hosting for serious commerce.

All systems operational

Product

  • JTL Hosting
  • Features
  • Pricing
  • Security & Reliability
  • FAQ

Company

  • About
  • Blog
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • DPA / AVV
  • Imprint
  • Cookie Preferences

© 2026 ideployed. All rights reserved.

Made in Europe 🇪🇺

Legal

Privacy Policy

Last updated: April 2025

1. Introduction

Welcome to iDeployed ("we", "us", "our"). We provide a cloud-based platform that enables users to deploy and manage applications (e.g. JTL-Shop instances) in a secure, fully managed cloud environment.

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR).

2. Data Controller

iDeployed UG (haftungsbeschränkt)

Torgauer Straße 231-233, 04347 Leipzig, Deutschland

Email: [email protected]

Tel: 0172 6282363

Managing Director: Hamid Wakili

3. What Data We Collect

3.1 Account Data

  • Name, email address
  • Company name (optional)
  • Phone number (optional)
  • Password (hashed)
  • Account preferences (language, plan tier)

3.2 Usage & Technical Data

  • IP address (processed via Cloudflare)
  • User agent (hashed/anonymized in logs)
  • Login activity and audit logs
  • Tenant metadata (subdomain, deployment status)

3.3 Payment Data

  • Managed via third-party providers (e.g. Stripe)
  • We do not store full payment details

3.4 Application Data (Customer Data)

Data stored inside deployed tenant applications (e.g. JTL-Shop databases, files) is controlled by you (the customer).

4. Purpose of Processing

  • Provide and operate the iDeployed platform
  • Manage user accounts and authentication
  • Provision and maintain tenant environments
  • Ensure system security and prevent abuse
  • Provide support and communication
  • Meet legal obligations

5. Legal Basis (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)) – service delivery
  • Legal obligation (Art. 6(1)(c))
  • Legitimate interest (Art. 6(1)(f)) – security, monitoring
  • Consent (Art. 6(1)(a)) – analytics cookies, marketing (if applicable)

6. Hosting & Infrastructure

6.1 Google Cloud Platform

We host our services on Google Cloud Platform (GCP), region europe-north2 (Stockholm, Sweden). Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing is based on Art. 6(1)(f) GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place with Google.

6.2 Google Analytics 4

We use Google Analytics 4 (GA4) provided by Google Ireland Limited. GA4 is only activated with your explicit consent pursuant to Art. 6(1)(a) GDPR, which you can grant via our consent management tool (Usercentrics). IP addresses are anonymized. You can withdraw your consent at any time via the cookie settings.

6.3 Usercentrics (Consent Management)

We use Usercentrics as our Consent Management Platform (CMP). Provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany. Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent). Further information: usercentrics.com/privacy-policy/

7. Data Sharing

We only share data with:

  • Google Cloud Platform (infrastructure hosting, GCP europe-north2)
  • Payment providers
  • Monitoring and alerting systems

We do not sell your data.

8. Customer Data (Order Processing)

As part of our SaaS services, we process data of our business customers (controllers) as a data processor pursuant to Art. 28 GDPR. Data is stored exclusively in the GCP region europe-north2 (Stockholm, Sweden). A Data Processing Agreement (DPA) is in place with each customer.

Our DPA is available at: ideployed.com/legal/dpa

9. Data Retention

  • Account data: retained while account is active
  • Logs: retained for security and debugging (limited retention)
  • Backups: retained according to system policy
  • Deleted tenants: data removed or anonymized within 30 days

10. Security Measures

  • TLS encryption (HTTPS)
  • Isolated tenant environments
  • Role-based access control (RBAC)
  • Encrypted credentials and secrets
  • Monitoring and alerting systems

11. Your Rights

Under GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

Please direct requests to: [email protected]

12. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Saxon Data Protection Commissioner

Devrientstraße 5, 01067 Dresden

www.saechsdsb.de

13. Cookies

We use cookies. Your cookie preferences are managed via Usercentrics. You can change your settings at any time via the "Cookie Preferences" link in the footer.

→ Manage cookie preferences

14. Related Pages

  • Terms of Service (AGB)
  • DPA (Data Processing Agreement / AVV)
  • Imprint

15. Changes

We may update this policy. Users will be notified of significant changes.