Legal

Privacy Policy

Last updated: March 2025

1. Introduction

Welcome to ideployed ("we", "us", "our"). We provide a cloud-based platform that enables users to deploy and manage applications (e.g. JTL-Shop instances) in a secure, fully managed cloud environment.

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR).

2. Data Controller

ideployed UG (haftungsbeschränkt)

Torgauer Strasse 231–233, 04347 Leipzig, Deutschland

Email: [email protected]

3. What Data We Collect

3.1 Account Data

Name, email address
Company name (optional)
Phone number (optional)
Password (hashed)
Account preferences (language, plan tier)

3.2 Usage & Technical Data

IP address (processed via Cloudflare)
User agent (hashed/anonymized in logs)
Login activity and audit logs
Tenant metadata (subdomain, deployment status)

3.3 Payment Data

Managed via third-party providers (e.g. Stripe)
We do not store full payment details

3.4 Application Data (Customer Data)

Data stored inside deployed tenant applications (e.g. JTL-Shop databases, files) is controlled by you (the customer).

4. Purpose of Processing

Provide and operate the ideployed platform
Manage user accounts and authentication
Provision and maintain tenant environments
Ensure system security and prevent abuse
Provide support and communication
Meet legal obligations

5. Legal Basis (Art. 6 GDPR)

Contract performance (Art. 6(1)(b)) – service delivery
Legal obligation (Art. 6(1)(c))
Legitimate interest (Art. 6(1)(f)) – security, monitoring
Consent (Art. 6(1)(a)) – cookies, marketing (if applicable)

6. Data Storage & Infrastructure

Managed cloud infrastructure (fully isolated environments)
Managed databases (PostgreSQL / MySQL)
Object storage (e.g. backups, logs)
CDN / DNS providers (Cloudflare)

We primarily host data within the European Economic Area (EEA).

7. Data Sharing

We only share data with:

Infrastructure providers (e.g. cloud hosting)
Payment providers
Monitoring/alerting systems (e.g. Grafana, Prometheus)

We do not sell your data.

8. Data Retention

Account data: retained while account is active
Logs: retained for security and debugging (limited retention)
Backups: retained according to system policy
Deleted tenants: data removed or anonymized within a reasonable period

9. Security Measures

TLS encryption (HTTPS)
Isolated tenant environments (namespaces, network policies)
Role-based access control (RBAC)
Encrypted credentials and secrets
Monitoring and alerting systems

10. Your Rights

Under GDPR, you have:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)

Contact: [email protected]

11. Cookies

We use cookies for authentication sessions, security, and preferences. See our Cookie Policy for details.

12. Changes

We may update this policy. Users will be notified of significant changes.