Privacy Policy
Effective date: 26 September 2025
1) Who we are (Controller) & Contact
Controller: Andrii Trush (self-employed in Belgium)
Registered address: 9200 Dendermonde, Belgium
Enterprise number (KBO/BCE): BE 1016.452.805
Email:contact@isapp.be
DPO: We have not appointed a Data Protection Officer (DPO).
Websites covered: isapp.be, isap.me, isap.dev (the “Sites”)
2) Scope
This Policy explains what personal data we collect when you use the Sites, why we collect it, how we process it, and your rights under the GDPR. For implementation details (processors, cookies, transfers, security, DSR), see our GDPR page.
3) What data we collect
- Contact forms: name, email, company, message, and any optional fields you provide.
- Project briefs & attachments: information to scope a project (company details, goals, requirements, timeline, budget, links, files you upload). Please avoid sharing special categories of data (e.g., health, biometric, political opinions) unless strictly necessary.
- Automatically collected data: IP address, device/browser info, pages viewed, timestamps, referrers; stored in server logs and (if you consent) analytics tools.
- From third parties (if applicable): advertising/remarketing platforms receive event data only when you have consented to Marketing cookies.
4) Purposes, legal bases, retention, recipients
We process data only for specific and legitimate purposes. All non-essential scripts (analytics/marketing) are blocked until you consent via Cookiebot.
| Purpose | Examples of data | Legal basis (Art. 6 GDPR) | Retention | Recipients / processors |
|---|---|---|---|---|
| Handle contact requests and enquiries | Name, email, company, message | Contract (6(1)(b)) or Legitimate interests (6(1)(f)) | Up to 12 months after last interaction (or longer where legally required) | Service providers supporting contact handling (if any) |
| Pre-contract steps: project briefs & proposals | Contact/company details, project scope, requirements, timeline, budget, attachments | Contract (6(1)(b)) — steps at your request prior to entering into a contract; or Legitimate interests (6(1)(f)) | Up to 24 months after last interaction if no contract is formed; if a contract follows — for the contract term and statutory retention (e.g., tax/VAT) | Internal tools (CRM/task/docs if used); need-to-know only |
| Site analytics and improvements (opt-in) | IP (truncated/aggregated where applicable), device, usage data | Consent (6(1)(a)) via Cookiebot | 2–14 months (per analytics settings) | Google Analytics 4, Microsoft Clarity, Cloudflare Web Analytics / RUM, Ahrefs Web Analytics |
| Security, performance & error monitoring | IP, request metadata, error traces | Legitimate interests (6(1)(f)) | ~90 days (typical log retention) | CDN/WAF, error monitoring |
| Marketing & remarketing (opt-in) | Cookie IDs, page events | Consent (6(1)(a)) | Per vendor policy; see cookie banner | Google Ads, Meta Pixel |
5) Cookies & tracking
We use cookies and similar technologies. Necessary cookies enable the Sites to function. Preferences, Statistics, and Marketing categories are disabled by default and load only after your consent. You can review or change your choices at any time via Change cookie preferences.
6) Disclosures and processors
We share data with service providers (processors) who support our Sites (consent management, tag delivery, CDN/security, analytics, error monitoring, ads). They process data only on our documented instructions under appropriate agreements. See our GDPR page for the current list of processors and tools.
7) International transfers
Where recipients are outside the EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and implement supplementary measures where necessary. Copies are available upon request.
8) Security
We apply technical and organizational measures appropriate to risk, including encryption in transit, access controls, least-privilege principles, 2FA for administrative access, backups, patching, logging/monitoring, and WAF/DDoS protections.
9) Your rights
- Access, rectification, erasure
- Restriction and objection to processing
- Data portability
- Withdrawal of consent at any time (where processing is based on consent)
To exercise your rights, email contact@isapp.be. We may request limited information to verify your identity. We respond within 30 days as required by the GDPR. You also have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA): Rue de la Presse 35, 1000 Brussels, contact@apd-gba.be, www.dataprotectionauthority.be.
10) Children’s data
Our services are not directed to children. In Belgium, a child can consent to information society services from 13 years old; otherwise, consent must be given by a holder of parental responsibility. We do not knowingly collect personal data from children.
11) Changes to this Policy
We will post updates on this page and adjust the “Effective date” above. If material changes occur, we will use reasonable means to notify you.