Privacy Policy

Last Updated: September 14, 2025

todoid.com (“todoid”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy explains how we collect, use, and share information when you visit our website, submit listings, or interact with our services.

1. Controller & Contact

Controller: [LEGAL ENTITY NAME], [REGISTERED ADDRESS], [COUNTRY].
Email (all issues): contact@todoid.com

2. Information We Collect

Account Information: Name, email, organization, role.
Submission Data: Product/release metadata, logos, media, JSON-LD/Schema.org tags, identifiers for publication.
Approval Workflow: Final card/page designs sent for confirmation. If not confirmed within 10 days, drafts may be erased or archived (see Retention).
Consent Records: Checkbox acceptance of Terms/Privacy, timestamps, IP, user-agent, and form version. Stored in our email, database, or locally; we may also keep records in version control (git) and cloud services.
Usage Data: IP, browser, device, pages, timestamps.
Cookies: Essential cookies for site operation; optional analytics cookies with your consent. See our Cookie Policy.

2a. Verification Artifacts

Authority Proof: Copies of emails from official company domains, signed letters on company letterhead, or role verification data used to confirm edit/removal authority.
Request Logs: Timestamps, requester identity, request type (edit/removal/correction), and action outcome for auditability.

3. How We Use Information

Provide and improve registry services and identifiers;
Process and publish submissions, generate structured data;
Communicate regarding submissions and approvals;
Detect, prevent, and address fraud/abuse/security;
Comply with legal obligations.

3a. Use of Verification Artifacts

We use verification artifacts to authenticate authority for company listing requests, prevent abuse, maintain an audit trail, and comply with legal obligations.

4. Lawful Bases (GDPR/UK GDPR)

Contract: to process submissions and provide services.
Legitimate Interests: service security, logs, product improvement.
Consent: analytics/marketing cookies and optional communications; you can withdraw consent anytime.
Legal Obligation: compliance with applicable laws.

5. Image Processing (Logos)

If you provide logos or images, we may resize and convert them to JPEG for performance and layout consistency, without changing proportions (only dimensions).

6. Sharing & Disclosure

Public Registry: Submitted product/release data is published openly and may be indexed by search engines and third parties. We avoid publishing personal data in public records.
Service Providers: We use third-party providers and infrastructure (e.g., owners of the Java Virtual Machine, database services, and cloud hosting such as AWS). We depend on these providers, who operate under their own rules, terms, and compliance obligations, and we implement appropriate safeguards when using their services.
Version Control: We may keep non-public submission records and change history in private git repositories for auditability.
Legal: Disclosures required by law or to protect rights and safety.

We publish company listing data publicly (generally non-personal) and avoid publishing personal contact details unless expressly supplied for public display.

7. International Transfers

Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., EU SCCs/UK IDTA).

8. Data Retention

Public Registry Data: Retained indefinitely to preserve stable references (generally non-personal).
Approval Drafts: Final card/page designs awaiting your approval are kept up to 10 days. If not confirmed, we may erase or archive drafts at our discretion.
Account & Contact Data: Kept for the life of your account and up to 24 months after last activity or ticket resolution, unless longer retention is required by law or for legal claims.
Consent Records: Retained as needed to demonstrate compliance.

Verification Artifacts & Request Logs: Retained for up to 24 months after request closure to defend against disputes and prevent abuse, unless longer retention is required by law.

9. Your Rights

Subject to law, you may have the right to access, rectify, erase, restrict, object, data portability, and withdraw consent. You can contact us at contact@todoid.com. You also have the right to lodge a complaint with your supervisory authority.

Company representatives who provided verification artifacts may exercise applicable data rights (e.g., access or erasure) by emailing contact@todoid.com. We may request reasonable information to confirm identity and authority.

10. Cookies

See our Cookie Policy. You can manage consent via the banner and “Cookie Settings.”

11. Security

We implement reasonable technical and organizational measures. No method is 100% secure. If a breach likely to pose high risk occurs, we will notify you and regulators as required.

If a security incident affects verification artifacts or request logs and poses a likely high risk, we will notify affected contacts and regulators as required.

12. Children

Not intended for children under 16.

13. Changes

We may update this Privacy Policy; changes take effect upon posting.

14. Contact

All privacy and general issues: contact@todoid.com