This Privacy Policy describes how INDORA processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable law.
1) What data we collect
- Identification and contact: name, email, country/region, billing identifiers limited to what is necessary for payments.
- Account and service data: login, user settings, library/favorites, play or usage events, support tickets.
- Technical data: IP address, device/browser information, cookies or similar identifiers.
- Communications: messages with support, surveys, feedback.
2) Purposes and legal bases
- Provide the service and manage your account (create account, authenticate, deliver features): Art. 6(1)(b) GDPR.
- Customer support and incident management: Art. 6(1)(b) and/or 6(1)(f) GDPR.
- Billing, fraud prevention, and legal compliance: Art. 6(1)(c) GDPR.
- Product analytics and service improvement using aggregated or pseudonymised data where feasible: consent or legitimate interest after balancing test: Art. 6(1)(a)/(f) GDPR.
- Marketing communications about our own services: with consent (Art. 6(1)(a)) or, where allowed, to existing customers with opt-out (Art. 21 e-commerce rules).
3) How long we keep data
- Account data: for the life of the account; core records may be kept up to 6 years for tax/commercial obligations.
- Support tickets: up to 24 months.
- Consent records and preferences: until withdrawn or updated.
- Cookies/identifiers: per the Cookie Policy.
4) Who we share data with
- Service providers (hosting, analytics, payment processing, customer support) under Article 28 GDPR data-processing agreements.
- Authorities when legally required.
- We do not sell personal data.
5) International data transfers
Where data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions). Copies of the relevant safeguards can be requested at [email].
6) Your rights
You may exercise the following rights: access, rectification, erasure, restriction, objection, portability, and the right not to be subject to automated decisions with legal or similarly significant effects. To exercise them, contact us and attach proof of identity. We respond within one month. You may lodge a complaint with your local Data Protection Authority.
7) Security
We apply technical and organisational measures appropriate to risk, including encryption in transit, access controls, and regular reviews of vendor security.
8) Children
Our services are intended for users aged [18] or older. If we learn we have collected data from a child below the applicable age without consent, we will delete it.
9) Third-party links
Our Site may contain links to third-party sites. Their privacy practices are governed by their own policies.
10) Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified through the Site or by email where appropriate.