About 7 minutes

Privacy Policy

Last updated: 2025-06-20

This is the privacy statement of Innico B.V. (hereinafter referred to as “Innico”, “we,” “us” or “our”), a company with its registered address at De Hems 10 - Bastille 306, 7522NL Overijssel, The Netherlands. Innico is registered with the Dutch Chamber of Commerce under number 87209292.

This privacy statement explains how we collect, use, share, and protect information in relation to our website www.innico.nl ; *.innico.nl (the “Website”). We collect this information when you visit our Website with your computer, tablet, phone, or smartwatch (“Device”). We process personal data in compliance with the General Data Protection Regulation (“GDPR”), the Dutch Telecommunications Act, and other applicable privacy legislation.

By using our Website, you understand and agree that information will be collected and used in accordance with this privacy statement. This statement applies to all visitors, users, and others who access the Website (“Users”).

What data do we collect?

We only collect the data necessary to keep our website and web app safe and functional, to measure performance, and to resolve errors.

Data you provide to us

  • Communication: The content of messages you send us (support, email, website contact form) and our responses.
  • Account data (only if you create an account): email address and password. Optional profile fields are always clearly marked as optional.

Automatically via the website

For the Website we use Umami , an open-source, privacy-friendly analytics tool. Unlike traditional analytics tools, Umami does not collect or store personal data and does not place cookies. There are no unique identifiers and no cross-site tracking.

We only receive aggregated information, such as:

  • pages visited,
  • referring URL (referrer),
  • timestamps of visits,
  • device type, browser and operating system details,
  • aggregated location information (e.g., country/region).

Automatically via the web app

For the web app we record technical and diagnostic data:

  • Server and application logs: IP address, timestamp, request path, and status code, solely for security, troubleshooting, and abuse prevention.
  • Error diagnostics (Sentry): error type and message, stack trace, request URL, limited request headers (without sensitive data), user agent, application version/release, relevant events shortly before the error (“breadcrumbs”), and timestamps.
  • User identification: when errors occur, we link them to the relevant user (e.g., via user ID and email address) so we can provide support and resolve issues more quickly.
  • IP address: temporarily stored in Sentry and server logs to diagnose errors and enhance the security of the web app.

Sentry is hosted in the EU (Frankfurt, Germany) and is therefore subject to European data protection laws. In addition, we have implemented scrubbing rules (filters) to prevent storage of passwords, tokens, or other sensitive fields.

What we explicitly do not do

  • No sale of data.
  • No marketing profiles or ad tracking.
  • No cross-site tracking or third-party ad trackers.
  • Data is only shared with processors who support us in hosting, analytics, or error monitoring. We have signed data processing agreements with all our processors, in accordance with GDPR requirements.

We process personal data only when there is a legal basis under the GDPR:

  • Performance of a contract (e.g., account management and support),
  • Legal obligation (e.g., fiscal retention obligations),
  • Legitimate interest (e.g., security, error diagnostics, statistics), or
  • Consent (e.g., for marketing, if applicable).

Change of control

If Innico (or part of it) is sold, transferred, or if our assets end up with another organization (e.g., through a merger, acquisition, bankruptcy, or liquidation), the personal data we hold may be part of such a transfer. In that case, this privacy statement will continue to apply to your data, and we will ensure that the acquiring party is bound by the same obligations. For significant changes, we will inform you in advance.

We may disclose personal data if we are legally required to do so (e.g., by a search warrant, court order, or subpoena). We may also use or share data when necessary to investigate, prevent, or address fraud, abuse, or other illegal activities, and to protect the rights, property, and safety of Innico, our users, or others. We always limit such disclosure to what is strictly necessary.

Security

We take the security of your personal data and our systems seriously. Our services are hosted with European cloud providers (Scaleway for hosting and databases, Hetzner for compute) and use modern security practices. We use encrypted connections (TLS/HTTPS), enforce two-factor authentication for all accounts, hash passwords, and apply access controls, logging, and monitoring to prevent misuse. Internal access is managed via corporate Google accounts where possible.

We also maintain a responsible disclosure statement . This means we not only proactively look for vulnerabilities in our systems, but we also welcome reports from ethical hackers and security researchers. Any reported vulnerabilities will be resolved as quickly as possible. More information on how to report a vulnerability can be found on our responsible disclosure page .

International data transfers

We process and store personal data exclusively within the European Economic Area (EEA). Our hosting providers (Scaleway and Hetzner) and our error monitoring provider (Sentry, EU data center in Frankfurt) are located within the EU. As a result, your data is not transferred outside the EEA.

Should this change in the future, we will ensure that transfers only take place where there is an adequate level of protection in line with the GDPR (e.g., through EU Standard Contractual Clauses or an adequacy decision).

Data retention

We do not retain personal data longer than necessary for the purpose for which it is collected or used, unless a longer statutory retention period applies. Specifically:

  • Account data: as long as your account is active. After account deletion, data will be removed within 30 days, unless retention is required by law (e.g., billing).
  • Communication and support requests: up to 2 years after resolution, so we can refer to previous correspondence.
  • Invoice and payment data: 7 years, in line with fiscal obligations.
  • Log and error diagnostics (incl. Sentry): up to 90 days, unless needed to investigate a specific incident.
  • Analytics (Umami): aggregated, anonymized statistics only, not linked to individuals.

After these retention periods, personal data is deleted or anonymized.

Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access: to know which personal data we process about you.
  • Right to rectification: to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): to request deletion of your personal data, where legally permissible.
  • Right to restriction of processing: to request temporary suspension of the use of your data (e.g., during an objection).
  • Right to object: to object to processing based on legitimate interest or for direct marketing.
  • Right to data portability: to request your data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller.
  • Right to withdraw consent: if processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

You can exercise these rights by sending an email to info@innico.nl or by post to:

Innico B.V. De Hems 10 - Bastille 306 7522 NL Overijssel The Netherlands

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl .

Third-party applications, websites and services

Our website and web app may contain links to applications, websites, or services of third parties. Our privacy statement does not apply to these external services. Your use of such services is governed by the terms and privacy policies of the respective third parties. We are not responsible for how these third parties handle your data.

Changes

Innico may update this privacy statement from time to time. The most current version is always available on this page. Changes take effect as soon as they are published here. For significant changes, we will notify you in advance (e.g., by email or in-app notification).

Contact

If you have any questions about this privacy statement or how we handle personal data, please contact us via the contact form or by email: info@innico.nl .

You can also reach us by post at:

Innico B.V. De Hems 10 - Bastille 306 7522 NL Overijssel The Netherlands