instantproof.legal
EN | NL

Privacy Policy

Last updated: June 2026

1. Data Controller

instantproof.legal operates as the data controller for personal data processed through the Service. We are committed to protecting your privacy and ensuring transparent data handling practices in compliance with the General Data Protection Regulation (GDPR).

Data Controller: instantproof.legal
Contact: privacy@instantproof.legal

2. Lawful Basis for Processing

We process your personal data on the following lawful bases:

  • Contract: Processing necessary to provide the Service and execute your certificate requests
  • Legitimate Interest: Protecting against fraud, maintaining security, improving the Service, and compliance with legal obligations
  • Legal Obligation: Compliance with applicable laws, regulations, and eIDAS requirements
  • Consent: When you explicitly opt-in to marketing communications or analytics

3. Personal Data Collected

We collect the following categories of personal data:

  • Account Information: Email address, username, and password hash (if account created)
  • Technical Data: IP address, browser type, device information, and access logs
  • Content Data: Files and web page content you submit for certification (stored for audit and verification purposes)
  • Usage Data: Timestamps, service interactions, and feature usage patterns
  • Payment Information: Transaction records and payment method details (processed by third-party payment providers)

We do not collect sensitive personal data (health, biometric, or genetic information) unless explicitly provided by you.

4. Storage and Protection

Your personal data and certificate artifacts are stored in Amazon S3 (eu-central-1 region) with the following security measures:

  • End-to-end encryption at rest (AES-256)
  • Encryption in transit (TLS 1.3)
  • Access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Data backups with recovery procedures

All data processing occurs within the European Union in compliance with eIDAS and GDPR requirements.

5. Data Retention

Personal data is retained as follows:

  • Account Data: Retained while your account is active; deleted upon request or 12 months of inactivity
  • Certificate Artifacts: Retained until you request deletion; permanent deletion within 30 days of request
  • Access Logs: Retained for 90 days for security and audit purposes
  • Payment Records: Retained for 7 years as required by tax and accounting regulations

You may request permanent deletion of your data at any time by contacting privacy@instantproof.legal.

6. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Obtain a copy of your personal data and how it is processed
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
  • Right to Erasure (Art. 17): Request deletion of your data (subject to legal retention obligations)
  • Right to Restrict Processing (Art. 18): Request limitation of data processing
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing for marketing or legitimate interest purposes
  • Right to Lodge a Complaint: File a complaint with your national Data Protection Authority

To exercise any of these rights, contact privacy@instantproof.legal.

7. Sharing of Data

We do not sell, trade, or rent your personal data to third parties. Data sharing occurs only in the following circumstances:

  • Service Providers: Third-party vendors that process data on our behalf (hosting, payment processing, analytics) under contractual obligations
  • Legal Requirements: When required by law, court orders, or government requests
  • Business Transfers: In the event of merger, acquisition, or sale of assets (you will be notified)

All third-party processors are subject to Data Processing Agreements (DPA) ensuring GDPR compliance.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain session authentication
  • Prevent fraud and detect misuse
  • Understand usage patterns and improve functionality

You can manage cookie preferences through your browser settings. Essential cookies for security and service delivery cannot be disabled.

9. Data Protection Officer (DPO)

For questions about our privacy practices or to exercise your GDPR rights, contact our Data Protection Officer:

Data Protection Officer
Email: privacy@instantproof.legal
Mailing Address: instantproof.legal, Brussels, Belgium

10. International Data Transfers

All personal data is processed within the European Union. We do not transfer data outside the EU/EEA unless you explicitly consent or it is necessary for service delivery with appropriate safeguards in place.

11. Policy Changes

We may update this Privacy Policy periodically. Changes are effective upon posting to this page. Continued use of the Service indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

instantproof.legal
Email: privacy@instantproof.legal