Legal

Privacy Policy

Learn how we collect, use, and protect your data at Infindo, the semantic decision platform for builders and entrepreneurs.

Privacy Policy

Effective Date: January 27, 2025

Welcome to Infindo ("Infindo," "we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. It has been drafted to comply with major privacy frameworks, including the GDPR and CCPA/CPRA.

This policy should be read in conjunction with our Terms of Service. By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

The Infindo platform is operated by Quandelia SRL, a Belgian company with company number BE0775.602.102. Our registered address is Boulevard Bischoffsheim 39/4, 1000 Bruxelles, Belgium.

As a Belgium-based company, we serve as the data controller for all personal data processed through our Services and comply with the European Union's General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following types of information:

2.1. Information You Provide to Us

  • Account Information: When you create an account, we collect your email address, username, and any other information you choose to provide, such as display name and profile information.
  • Professional Profile Information: You may optionally provide information about your professional role, industry, company size, and technology preferences to personalize your experience.
  • Search Queries and Preferences: We collect information about your search queries, product and service preferences, and comparison activities to improve our semantic search and recommendation capabilities.
  • Product Comparison Data: Information about products, APIs, and services you compare, save, or interact with on our platform.
  • User-Generated Content: Comments, reviews, ratings, and other content you create on our platform.
  • Communication Data: If you contact us for support or inquiries, we collect the content of your communications.
  • Payment Information: When you subscribe to premium features, our third-party payment processor collects your payment details (for example, cardholder name, partial card number, or billing address). We do not have access to or store your full payment card information on our servers.

2.2. Information We Collect Automatically

  • Log and Usage Data: Our servers automatically record information created by your use of the Services, including your IP address, browser type, operating system, the referring web page, pages visited, location (country/city level), and timestamps. This data is used for security, operational purposes, and service improvement.
  • Analytics Data: We collect aggregated, anonymized usage statistics about how you interact with our platform, including feature usage (semantic search, Ask Mode AI comparisons, product discovery), session duration, and navigation patterns.
  • AI Interaction Data: When you use our Ask Mode feature for AI-assisted product comparisons, we collect your queries and interaction patterns to improve our AI models and provide better recommendations.

2.3. Cookies and Tracking Technologies

We take a "privacy‑first" approach and use only essential cookies required for the operation of our Services. No cookie banner is required under EU e‑Privacy rules for these essential cookies.

The only cookies we set are strictly necessary for authentication, security, and core functionality:

CookieProviderPurposeExpiryType
auth-tokenInfindo (Supabase)Keeps you authenticated between page loadsSession-basedFirst‑party, essential
sessionInfindoMaintains your session state and preferencesSession-basedFirst‑party, essential
__cf_bmCloudflareBot detection & rate‑limiting30 minThird‑party*, essential
cf_clearanceCloudflareMaintains Proof‑of‑Challenge during browser validation24 hThird‑party*, essential

*Cloudflare cookies are delivered from the *.infindo.com domain via Cloudflare's edge network and are considered "essential" security cookies.

3. How We Use Your Data

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Services, including our semantic search and AI-powered comparison features.
  • To personalize your experience and provide relevant product and service recommendations.
  • To process your subscription payments through our third-party payment processor.
  • To power our AI features, including Ask Mode for intelligent product comparisons and recommendations.
  • To analyze usage patterns and improve our platform's effectiveness.
  • To communicate with you, including responding to your inquiries and sending important notices.
  • To send you product updates, feature announcements, and promotional content (with your consent, where required).
  • To ensure the security and integrity of our platform.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with our legal obligations and enforce our Terms of Service.

4. Data Processing and Transfers

4.1. Data Hosting

Our primary data hosting is within the European Union (EU) to ensure compliance with GDPR requirements.

4.2. International Data Transfers

While your data is primarily stored in the EU, it may be processed by third-party services located in other countries, including the United States. We ensure that any such transfers are protected by appropriate legal mechanisms, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to safeguard your data privacy rights under GDPR.

4.3. Our Data Processors

We use a limited number of third-party services to operate our platform:

  • Supabase: For database hosting, user authentication, and data storage (EU-hosted instances).
  • Payment Processor: Third-party provider for handling subscription payments (we maintain a data processing agreement, and the provider relies on EU/EEA hosting or Standard Contractual Clauses when transfers outside the EEA are required).
  • Cloudflare: For content delivery (CDN), DDoS protection, and security.
  • AI/LLM Providers: We may use third-party AI services (such as OpenAI, Anthropic, or similar) to power our Ask Mode feature for intelligent product comparisons. These providers process your queries in accordance with their privacy policies and data processing agreements.
  • Analytics Tools: We use privacy-focused analytics tools that provide aggregated, anonymized statistics without tracking individual users across websites.
  • Email Service Providers: For sending transactional and marketing emails (with appropriate data processing agreements).

All third-party processors are carefully selected and required to maintain appropriate technical and organizational measures to protect your data.

5. AI and Machine Learning

5.1. AI-Powered Features

Our platform uses artificial intelligence and machine learning to provide:

  • Semantic search capabilities for finding relevant products and services
  • Intelligent product comparisons through our Ask Mode feature
  • Personalized recommendations based on your preferences and usage patterns
  • Content categorization and tagging

5.2. AI Data Processing

When you use AI-powered features:

  • Your queries and interaction data may be processed by third-party AI providers
  • We anonymize and aggregate data where possible before processing
  • AI models learn from usage patterns to improve recommendations, but individual queries are not used to train public models without anonymization
  • You can opt out of AI-powered features by contacting us at [email protected]

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • With Service Providers: We share data with trusted third-party processors as described in Section 4.3, solely for the purposes of operating our Services.
  • For Business Operations: With sponsors and partners (for verified badges and sponsored placements), we may share aggregated, anonymized analytics but not personal information without your explicit consent.
  • Legal Requirements: We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of Infindo, our users, or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.

7. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA) or Switzerland, you have certain data protection rights under GDPR. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • The right to access – You can request copies of your personal data.
  • The right to rectification – You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure – You can request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You can request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You can object to our processing of your personal data, under certain conditions.
  • The right to data portability – You can request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
  • The right to withdraw consent – Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

7.1. How to Exercise Your Rights

To exercise these rights, please follow these steps:

  1. Prepare Your Request: Copy the template below into an email.

Subject: Data Subject Request

To: [email protected]

Your Contact Information:

  • Full Name: [Your Full Name]
  • Email Address Used for Your Infindo Account: [Your Email Address]
  • Username (if applicable): [Your Username]

Type of Request: (Choose one or more)

  • Access: I request a copy of the personal data you hold about me.
  • Rectification: I request that you correct the following inaccurate personal data: [Describe the data to be corrected].
  • Erasure (Deletion): I request the deletion of my personal data from your systems. I understand this will permanently close my account.
  • Objection: I object to the processing of my personal data for the following reasons: [Provide explanation].
  • Restriction of Processing: I request that you restrict the processing of my personal data because: [Provide explanation].
  • Data Portability: I request a copy of my personal data in a machine-readable format (e.g., JSON).
  • Withdraw Consent: I withdraw my consent for: [Specify the processing activity].

Confirmation: By sending this email, I confirm that I am the individual named above and that the information provided is accurate.

  1. Send the Email: Send the completed email from your account email address to [email protected].

  2. What to Expect: You will receive confirmation within 72 hours, and we will respond to your request within one month as required by GDPR. In complex cases, we may extend this period by two additional months and will notify you of any such extension.

7.2. California Consumer Privacy Act (CCPA / CPRA) Rights

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses
  • The right to correct inaccurate personal information
  • The right to opt-out of the "sale" or "sharing" of your personal information
  • The right to limit the use and disclosure of sensitive personal information
  • The right to non-discrimination for exercising your CCPA rights

How to exercise: Send a request to [email protected] with the subject "CCPA Request" and specify whether you seek (a) access, (b) deletion, (c) correction, or (d) opt‑out. We will verify your identity and respond within 45 days as required by law.

We do not sell your personal information for monetary value. However, certain analytics or AI processing activities may be deemed "sharing" under the CCPA. You can opt‑out at any time by emailing us or by enabling the Global Privacy Control (GPC) signal in your browser.

8. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: Where you have given us clear consent to process your personal data for a specific purpose (e.g., marketing communications, optional profile features).
  • Contract: Where processing is necessary to perform a contract we have with you (e.g., providing our Services, processing payments).
  • Legitimate Interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your data protection rights (e.g., improving our Services, security, fraud prevention).
  • Legal Obligation: Where we need to process your data to comply with legal obligations (e.g., tax, accounting, legal compliance).

9. Data Retention

9.1. Retention Periods

We retain your personal information only for as long as necessary for the purposes set out in this Privacy Policy:

  • Account Data: Retained while your account is active and for 12 months after account closure (for legal compliance and dispute resolution).
  • Search and Usage Data: Retained for up to 24 months in identifiable form; may be retained indefinitely in aggregated, anonymized form for analytics and service improvement.
  • AI Training Data: Queries and interactions used to improve AI models are anonymized and may be retained indefinitely in de-identified form.
  • Payment Records: Retained for 7 years to comply with accounting and tax obligations.
  • Communication Records: Support communications retained for 3 years.
  • Security Logs: Retained for 12 months for security and fraud prevention.

9.2. Deletion

After the retention period expires, we will securely delete or anonymize your personal data. You may request earlier deletion by exercising your right to erasure (see Section 7).

10. Data Security

10.1. Security Measures

We implement commercially reasonable technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Security monitoring and incident response procedures
  • Employee training on data protection and security

10.2. Limitations

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Do Not Track and Global Privacy Control

Most browsers allow you to send a "Do Not Track" (DNT) signal. Our Services currently do not respond to DNT signals because there is no industry‑accepted standard for DNT implementation.

We do honor browser‑based Global Privacy Control (GPC) signals as a request to opt‑out of any "sale" or "sharing" of personal information under the CCPA/CPRA and similar laws. If you enable GPC, we will respect your preference.

12. Marketing Communications

We may send you product updates, feature announcements, promotional offers, educational content, or surveys via email. You can opt‑out at any time by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Updating your email preferences in your account settings
  • Emailing us at [email protected]

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related emails (e.g., account notifications, payment confirmations, security alerts).

13. Third-Party Links

Our Services may contain links to third-party websites, products, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Children's Privacy

Our Services are intended for business and professional use. We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

15. International Users

Infindo is based in Belgium and our Services are provided from the European Union. If you access our Services from outside the EU, please be aware that your information may be transferred to, stored, and processed in Belgium and other EU countries, as well as in countries where our service providers operate.

By using our Services, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules than your country. We ensure appropriate safeguards are in place for such transfers as described in Section 4.2.

16. Business Transfers

In the event that Quandelia SRL is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

17. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated effective date
  • Sending you an email notification (if you have an account)

We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Quandelia SRL
Boulevard Bischoffsheim 39/4
1000 Bruxelles, Belgium
Company Number: BE0775.602.102

Email: [email protected]

Data Protection Officer: For data protection inquiries, please email [email protected] with "Data Protection" in the subject line.

18.1. Supervisory Authority

As a Belgium-based company, we are subject to the oversight of the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit). If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with:

Belgian Data Protection Authority
Rue de la Presse 35, 1000 Brussels, Belgium
Tel: +32 (0)2 274 48 00
Email: [email protected]
Website: https://www.dataprotectionauthority.be/

If you are located in another EU/EEA country, you may also contact your local data protection authority.

Last Updated: January 27, 2025

This Privacy Policy is governed by Belgian law and is drafted in compliance with the EU General Data Protection Regulation (GDPR), the Belgian Data Protection Act, and other applicable privacy laws including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).