Privacy Policy

UmbrellaID / IDCanopy FlexCo

back

Privacy Policy

Last updated: 31.03.2026

UmbrellaID is operated by IDCanopy FlexCo, Dr. Karl-Lueger-Platz 5, 1010 Vienna, Austria.

This Privacy Policy explains how we process personal data in connection with our website and the UmbrellaID platform.

1. Scope

This Privacy Policy applies to website visitors, registered users, business customers and end users whose data is processed via our services.

2. Roles under GDPR

Depending on the context, IDCanopy acts either as controller or processor.

We act as controller particularly for account registration, billing, communication and platform security.

We act as processor when we handle personal data on behalf of customers, for example in KYC or verification workflows.

3. Data we process as controller

  • Account and contact data such as name, email address and login credentials
  • Billing data such as billing address, transaction details and payment references
  • Technical data such as IP address, login activity, system logs and API usage metadata

4. Purpose of processing

  • Providing and managing access to UmbrellaID
  • Processing payments and billing
  • Ensuring platform security, integrity and operations
  • Communicating with customers
  • Complying with legal obligations

5. Legal basis

  • Art. 6(1)(b) GDPR – performance of a contract
  • Art. 6(1)(c) GDPR – legal obligations
  • Art. 6(1)(f) GDPR – legitimate interests, especially security and fraud prevention

6. Processing as processor

When customers use UmbrellaID, we process personal data solely on their behalf.

  • Identity and business verification (KYC / KYB)
  • Address and contact verification
  • Biometric verification
  • Fraud prevention and risk assessment

In these cases, the customer determines the purpose and legal basis, and processing is governed by our Data Processing Agreement.

7. Data retention

We retain account and billing data for the duration of the business relationship and as required by law.

Data processed on behalf of customers is retained according to customer instructions and, where necessary, for audit, security or compliance purposes.

8. Subprocessors and service providers

We use selected third-party providers for hosting, verification services and payment processing, for example Stripe.

All providers are contractually required to implement appropriate data protection safeguards.

9. International transfers

Data is primarily processed within the EU/EEA. Transfers to third countries only take place where appropriate safeguards are in place and GDPR requirements are met.

10. Security

We implement appropriate technical and organisational measures, including encryption, access controls, logging, monitoring and backup/recovery procedures.

11. Data subject rights

Individuals have rights of access, rectification, deletion, restriction, objection and data portability.

If data is processed on behalf of a customer, requests should generally be directed to that customer as controller.

12. Cookies

We only use essential cookies required for authentication, session management and secure operation of the platform. We do not use tracking or marketing cookies.

13. Contact

IDCanopy FlexCo
Dr. Karl-Lueger-Platz 5
1010 Vienna
Austria

Email: privacy@idcanopy.com

14. Updates

We may update this Privacy Policy from time to time. Material changes will be communicated appropriately.