The short version
- We collect what we need to run the marketplace - account info, task history, and what regulators require for KYC and DAC7.
- We don't sell personal data. We never have.
- We store data inside the EU. Sub-processors are listed below by name.
- You can export, correct, or delete your data from your account settings, or by emailing dpo@internetivo.com.
- We use cookies for the parts of the site that need to remember you, plus first-party analytics. No third-party ad trackers.
1. Who we are
The data controller is Internetivo Ltd, a Cyprus-registered company operating IVO. For users on a federated peer node, the operator of that node is a joint controller for data they collect locally, and the DPA between us governs that relationship.
2. What we collect
You give us
- Account: name, email, password hash, role.
- Profile: display name, avatar, skills, bio.
- KYC: ID document, selfie, address proof - held by our verification provider, not stored in plaintext on our servers.
- Wallet: bank account or Stripe destination details.
- Communications: support tickets, dispute submissions.
We collect automatically
- IP, device, browser, and approximate location for security and fraud prevention.
- Page views and feature usage via first-party analytics. No advertising trackers.
- Webhooks and API calls keyed to your account for rate-limiting and abuse detection.
3. Why we collect it (legal bases)
- Contract - to provide the platform you signed up for.
- Legal obligation - KYC, AML, sanctions screening, DAC7 reporting, tax invoicing.
- Legitimate interest - fraud prevention, platform security, product analytics.
- Consent - optional product emails and beta program invitations.
4. How long we keep it
- Account and transaction records: 7 years after closure (Cyprus tax law).
- KYC documents: per your verification provider's policy, typically 5 years.
- Support tickets: 3 years.
- Server logs: 90 days.
You can request earlier deletion of anything not bound by a legal obligation.
5. Who we share it with
We don't sell data. We share it only with the sub-processors listed below, each under a written DPA, and only as needed:
- Stripe - payments and KYC.
- Hetzner / OVH (EU) - primary hosting.
- Cloudflare - DDoS protection and edge delivery.
- Postmark - transactional email.
- Federated peer node operators - only the minimum data required to route a cross-node task you participate in.
- Tax authorities - in jurisdictions where DAC7 or equivalent reporting applies.
6. Where it's stored
Primary: EU (Helsinki + Falkenstein). Backups: EU. We do not transfer personal data outside the EU/EEA except as needed for sanctions screening, and then under appropriate safeguards (SCCs).
7. Your rights
Under GDPR you can:
- Access your data (export from account settings, or email dpo@internetivo.com).
- Correct inaccurate data.
- Erase data (subject to retention obligations above).
- Restrict or object to processing.
- Move your data to another provider in a portable format.
- Lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection.
Requests get a response within 30 days, free of charge.
8. Cookies
We use first-party cookies for session, language, and theme preference, plus a privacy-respecting analytics cookie. There is no advertising tracker on this site. A cookie banner is shown to first-time visitors per ePrivacy.
9. Children
The platform is not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has registered an account, email dpo@internetivo.com and we will delete it.
10. Changes to this notice
We notify registered users by email at least 14 days before any material change. Past versions are archived and linked from the footer.