Privacy Policy
Last updated: May 19, 2026
1. Introduction
This Privacy Policy explains how igodemy (“igodemy”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you visit our website at igodemy.ai, request our enterprise AI learning brochure, enrol in a training program, contact us, or otherwise interact with our services.
We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Romanian data-protection law. By using our website or services, you confirm that you have read and understood this Policy.
2. Data controller
The controller responsible for your personal data is:
- igodemy — operator of igodemy.ai
- Romania (EU)
- Email: [email protected]
For any question relating to your personal data or this Policy, please contact us at the address above.
3. Personal data we collect
We only collect the personal data we need to provide our services and to communicate with you. Depending on how you interact with us, this may include:
3.1 Data you provide to us
- Contact form: full name, professional email address, company name, role, country, message content, and area of interest.
- Brochure download form: full name, professional email address, company name, role, country, team size, and consent preferences.
- Training enrolment: full name, professional email address, company name, billing details (where applicable), and any information you submit during onboarding.
- Newsletter subscription: email address and, optionally, your name.
3.2 Data collected automatically
- Analytics: we use Plausible Analytics, a privacy-friendly, cookieless service that does not collect personally identifiable information. It produces aggregate statistics only (e.g. number of visitors, pages viewed, referring source, country at country level).
- Technical data: minimal server logs (IP address, user agent, timestamp) retained for a short period for security, fraud prevention, and debugging purposes.
- Anti-spam: we use Cloudflare Turnstile to mitigate automated abuse of our forms. Turnstile may process limited technical signals; it does not place tracking cookies.
3.3 Special categories of data
We do not knowingly collect any special categories of personal data (e.g. health, religion, biometric data) and ask that you do not submit such information through our forms.
4. Purposes and legal bases for processing
We process your personal data only where we have a valid legal basis under Article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Responding to enquiries submitted via the contact form | Pre-contractual measures / legitimate interest (Art. 6(1)(b)/(f)) |
| Delivering the requested brochure or training materials | Pre-contractual measures (Art. 6(1)(b)) |
| Administering training programs you enrol in | Performance of a contract (Art. 6(1)(b)) |
| Sending you the newsletter or marketing communications | Your consent (Art. 6(1)(a)), which you may withdraw at any time |
| Maintaining the security and integrity of our website | Legitimate interest in protecting our systems (Art. 6(1)(f)) |
| Complying with legal, tax, or accounting obligations | Legal obligation (Art. 6(1)(c)) |
| Producing aggregate, anonymous analytics | Legitimate interest in improving our services (Art. 6(1)(f)) |
You can object to processing based on legitimate interest at any time — see Section 8.
5. How long we keep your data
We retain personal data only for as long as necessary for the purposes set out above:
- Contact and brochure enquiries: up to 24 months from your last interaction with us, unless a contractual relationship is established.
- Customer records (training programs): for the duration of the contract and up to 10 years after, where required by applicable accounting and tax law.
- Newsletter subscriptions: until you unsubscribe, after which your email is removed from active marketing lists within 30 days.
- Server logs: up to 90 days, unless retention is required for security investigations or legal claims.
When data is no longer required, it is securely deleted or fully anonymised.
6. Recipients and data sharing
We do not sell, rent, or trade your personal data. We share it only with carefully selected providers acting on our behalf, and only to the extent strictly necessary:
- Hosting and infrastructure: Cloudflare (CDN, security, edge compute).
- Transactional email: providers used to send brochure deliveries, account communications, and operational messages.
- Marketing email: providers used to send the newsletter and program updates (only where you have consented).
- Analytics: Plausible Analytics (aggregate, anonymous data only).
- Professional advisers: accountants, auditors, and legal counsel, where required.
- Public authorities: where we are legally required to disclose data (e.g. court order, regulatory request).
All processors act under written data-processing agreements that meet the requirements of Article 28 GDPR.
7. International transfers
Personal data is primarily stored and processed within the European Economic Area (EEA). Where a processor (e.g. Cloudflare) is established outside the EEA, transfers take place under appropriate safeguards as required by Chapter V GDPR — typically the European Commission’s Standard Contractual Clauses (SCCs) supplemented by technical and organisational measures.
You may request a copy of the relevant safeguards by contacting us at [email protected].
8. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you (Art. 15).
- Rectify inaccurate or incomplete data (Art. 16).
- Erase your data (“right to be forgotten”, Art. 17).
- Restrict processing in certain circumstances (Art. 18).
- Receive your data in a portable, machine-readable format (Art. 20).
- Object to processing based on legitimate interest or direct marketing (Art. 21).
- Withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
- Lodge a complaint with a supervisory authority (see Section 11).
To exercise any of these rights, write to [email protected]. We will respond within one month of receiving your request, in line with Article 12 GDPR. We may ask you to verify your identity before acting on a request.
9. Cookies and similar technologies
Our website is designed to minimise the use of cookies. We do not use advertising or tracking cookies. For details on the strictly necessary and preference cookies we may use, please see our Cookie Policy.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS/TLS), encryption at rest where applicable, role-based access controls, network firewalls, logging and monitoring, and regular review of our security posture.
No method of transmission over the Internet or method of electronic storage is, however, 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
11. Supervisory authority
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
The competent authority for igodemy is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, Romania Website: www.dataprotection.ro
12. Children
Our services are directed at professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. The “Last updated” date at the top of the page indicates when the Policy was last revised. Material changes will be communicated through the website or by direct notice where appropriate.
14. Contact
For any questions, requests, or complaints regarding your personal data or this Policy, contact us at:
- Email: [email protected]
- Postal: igodemy, Romania (EU)
This Privacy Policy is provided for general informational purposes and should be reviewed by qualified legal counsel before being relied upon in a specific commercial or regulatory context.