Privacy Policy

Created on 17 June, 2025 • 200 views • 4 minutes read

🔐 Privacy Policy – TrustPop.io

Effective Date: 18 June 2025

Data Controller: BDigital LLC

Registered Address: Lezhë, Albania

Contact (privacy): [email protected]

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use TrustPop.io (the “Service”). It is drafted under the laws of the Republic of Albania, in particular Law No. 124/2024 “On Personal Data Protection,” which is aligned with the EU GDPR concepts.

1) Scope & Who We Are

BDigital LLC provides a SaaS platform for real-time social-proof notifications, customization tools, and analytics. We act as controller for account, billing, support, and platform usage data; we act as processor only when we process end-user data strictly on a customer’s documented instructions (e.g., via our scripts/integrations). See also Section 5 (Sharing & Processors).


2) What Data We Collect

  1. Account & Contact Data: name, email address, password (hashed), company name, role/industry, phone (optional).
  2. Billing & Tax Data: billing address, tax/VAT ID (if applicable), plan details, payment confirmations (we do not store full card numbers).
  3. Usage & Technical Data: IP address, device/OS, browser, referring/exit pages, timestamps, feature interactions, error logs.
  4. Communications: support tickets, chat/messages, emails, satisfaction surveys.
  5. Customer Content/End-User Events (if you implement our scripts): limited event metadata required to render notifications and analytics you configure (you must ensure a lawful basis toward your end users and provide your own notices where you are the controller).

We collect data directly from you, automatically through our Service, and from service providers/integrations you connect (e.g., payment, analytics).


3) Purposes & Legal Bases (Law No. 124/2024)

We process personal data only when we have a lawful basis:

  1. Contractual necessity: to create/manage your account, provide the Service, process subscriptions, provide support, and communicate service-related notices.
  2. Legitimate interests: to secure and improve the Service (debugging, analytics, preventing abuse/fraud), to defend legal claims, and to personalize dashboards after balancing against your rights and freedoms.
  3. Consent: for certain cookies/trackers, marketing emails, and optional integrations; you may withdraw consent at any time.
  4. Legal obligations: invoicing, tax, accounting, responding to lawful requests.

(These bases reflect the structure of Law No. 124/2024, which mirrors GDPR-style legal grounds.)


4) Cookies & Similar Technologies

We use necessary cookies to run the site and optional analytics/marketing cookies with your consent. You can manage preferences via our banner or your browser settings. Details appear in our Cookie Policy.


5) Sharing & Processors

We share personal data only with:

  1. Processors that host, support, or operate our Service (e.g., cloud hosting, email delivery, customer support, error monitoring, analytics) under written data-processing agreements;
  2. Payment processor (e.g., Paddle) for subscription payments;
  3. Professional advisers (legal, accounting) and authorities where required by law;
  4. Business transfers (merger, acquisition), subject to continued protections.

All processors are bound to act only on our instructions and to implement appropriate security measures under Albanian law.


6) International Data Transfers

Our providers may be located outside Albania. When transfers occur, we implement appropriate safeguards recognized under Law No. 124/2024 (e.g., standard contractual clauses or binding corporate rules) and assess partner protections. We will inform you of material changes to transfer mechanisms as needed.


7) Retention

We retain personal data only as long as necessary for the purposes above, to meet legal/accounting requirements, or to resolve disputes. Typical retention:

  1. Account/billing records: during the contract and for statutory periods thereafter;
  2. Support logs: up to 24 months;
  3. Product analytics and server logs: short, proportional periods for security/diagnostics;
  4. Marketing data: until you unsubscribe or withdraw consent.
  5. When data are no longer needed, we delete or anonymize them in a secure manner. (Law No. 124/2024 requires timely erasure where conditions are met.)


8) Your Rights (Law No. 124/2024)

You have the right to:

  1. Access your data and obtain a copy;
  2. Rectify inaccurate or incomplete data;
  3. Erase data in cases provided by law (“right to be forgotten”);
  4. Restrict processing in specified circumstances;
  5. Portability of data you provided, where technically feasible;
  6. Object to processing based on our legitimate interests (including direct marketing);
  7. Withdraw consent at any time, where consent is the basis;
  8. Lodge a complaint with the Albanian supervisory authority (details below).

We aim to respond without undue delay and in any case within 30 days of receiving your request; this period may be extended where legally allowed due to complexity/volume. To exercise rights, contact [email protected].


9) Children’s Data

Our Service is intended for business users and is not directed to children. Where consent is relied upon for information-society services, minors under 16 require parental/guardian authorization under Albanian law. We do not knowingly collect data from children under this age without such authorization.


10) Security

We implement reasonable technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, least-privilege permissions, audit logging, and regular updates/monitoring. No system is 100% secure; you are responsible for maintaining the confidentiality of your credentials and for using unique, strong passwords.


11) Customer Content & Controller/Processor Roles

When you (as a business customer) collect data about your end users and send it to us via our scripts or APIs, you are the controller for that data and must provide any required notices and lawful bases to your end users. We act as processor and process such data only on your documented instructions, under a Data Processing Agreement (DPA).


12) Changes to This Policy

We may update this Policy to reflect legal, technical, or business developments. When we make material changes, we will notify you through the Service or by email and update the “Effective Date.” Continued use after changes means you accept the updated Policy.


13) Contact & Supervisory Authority

Controller:

BDigital LLC, Lezhë, Albania

Email: [email protected]


Supervisory Authority (Albania):

Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale

Address: Rr. “Abdi Toptani”, Nd. 5, 1001, Tiranë, Albania

Tel: +355 42 237 200 • Email: [email protected] • Website: idp.al


Notes on Albanian law (for your records)

Law No. 124/2024 (Official Gazette No. 9, 17 Jan 2025) repeals Law No. 9887/2008 and is GDPR-aligned (legal bases, rights, DPO/representative rules, transfers incl. BCR/SCCs). It entered into force in early 2025; sub-legal acts are being phased in.