iceeweb.online
Privacy Policy
This Privacy Policy explains how iceeweb.online ("we", "us", or "our"), operated by Jamal Jawando, collects, processes, and protects information within our ecosystem, in strict compliance with the European General Data Protection Regulation (GDPR / DSGVO).
1. Data Controller
The responsible data controller for all processing operations on this platform is:
Jamal Jawando Freelancer
Email: info@iceeweb.online
2. Detailed Information We Collect & Process
To operate our technical services, serverless configurations, and synchronization engines, data is processed within our self-contained database layers across the following categories:
-
Authentication Data (Portable Auth Kit): E-mail addresses and securely cryptographically hashed passwords (using scrypt) to manage user accounts, authenticate session cookies, and control application routing.
Legal basis: Art. 6 (1)(b) GDPR (Contract fulfillment). -
Order & Deployment Infrastructure Payload: Contact information, specific tier selections, transaction parameters, and architectural variables submitted during compilation and service provisioning.
Legal basis: Art. 6 (1)(b) GDPR. -
E-Commerce Synchronization & Logistics Data (Orders & SKUs):
When external shop environments are linked to our management systems, we process product metadata (SKUs, stock counts, item variants) alongside transactional streams. To run automated tracking and logistics operations (e.g., reorder hooks, dispatch tracking), these payloads contain third-party consumer processing attributes provided by the merchant (recipient names, delivery destinations, contact numbers).
Legal basis: Art. 6 (1)(b) GDPR (Executed via Data Processing Agreements with our operational Clients). -
Encrypted Third-Party Credentials: API tokens, webhooks, and private shop keys required to link external storefronts or distribution nodes to our backend pipelines. These keys are stored encrypted at rest.
Legal basis: Art. 6 (1)(b) GDPR. -
Network Telemetry & Infrastructure Logs: IP addresses, timestamp sequences, and browser attributes processed natively by in-memory firewalls to execute threat detection, prevent brute-force activities, and enforce active API rate-limiting.
Legal basis: Art. 6 (1)(f) GDPR (Legitimate interest in infrastructure security).
3. Storage, Central Database Location & Data Retention
If the Client utilizes the centralized infrastructure provided by us, all synchronized data points, system states, and user configurations are housed inside a dedicated, isolated **MongoDB cluster**. To guarantee regulatory compliance, this cluster is hosted exclusively on enterprise infrastructure nodes located within the European Union (EU).
Personal attributes are retained only as long as necessary to maintain active pipeline connections or to satisfy legal commercial and fiscal verification periods. Third-party transaction histories (end-customer order paths) are subject to automated data minimization and are depersonalized or cleared once the respective logistics cycle is completed.
4. Database Sovereignty: Bring-Your-Own-Database (BYODB) Option
Clients have the explicit architectural choice to connect their own native, independent MongoDB cluster by providing their private connection strings within the configuration dashboard.
If this option is selected, the data processing dynamics change fundamentally: Personal profiles, e-commerce data streams, SKUs, and logs are bypassed and written directly into the Client’s own data infrastructure. In this scenario, we do not store or persist these transactional records on our central servers. The Client retains exclusive sovereignty, configuration authority, and full legal responsibility under the GDPR regarding storage locations, data retention schedules, security measures, and data wiping routines.
5. Sub-Processors & Data Transmission
We do not trade, rent, or leak operational telemetry. Transmission occurs exclusively to verified sub-processors required to run the core platform utilities, under strict Data Processing Agreements (DPA):
- Database Operations: Enterprise MongoDB infrastructure nodes (EU West routing; only applicable if using our shared infrastructure mode).
- Payment Settlements: Certified processing networks (e.g., Revolut Pay) to complete subscription and setup transactions.
- Transactional Messaging: Nodemailer-linked secure SMTP pathways to distribute system codes and order confirmations.
- Performance Monitoring: Google Analytics (running with forced, strict IP-anonymization active).
6. Your Legal Rights under GDPR
Regarding your personal records, you hold the following statutory rights directly enforceable against the Controller:
- Right to access your compiled system data (Art. 15 GDPR)
- Right to immediate rectification of invalid datasets (Art. 16 GDPR)
- Right to erasure / complete data wiping (Art. 17 GDPR)
- Right to restrict internal processing queues (Art. 18 GDPR)
- Right to data portability in readable formatting (Art. 20 GDPR)
- Right to object to operations justified via legitimate interest (Art. 21 GDPR)
To invoke your rights, submit an explicit request to info@iceeweb.online. Furthermore, you have the right to lodge an appeal with a competent data protection supervisory authority.
7. Security
We implement strict technical and organizational measures to protect personal data within our logic engines and serverless components. However, no internet transmission or cloud storage engine can be guaranteed to be 100% secure.
8. Changes
We may update this policy from time to time to match architectural updates. The revised policy will be posted on this page with an updated effective date.