Data Privacy & GDPR
GoValid is committed to protecting your personal data and complying with data privacy regulations.
GDPR Compliance
GoValid complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).
Your Rights Under GDPR
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your data | Account → Data Export |
| Rectification | Correct inaccurate data | Account → Profile Settings |
| Erasure | Request deletion of your data | Account → Delete Account |
| Portability | Receive data in machine-readable format | Account → Data Export |
| Restriction | Limit processing of your data | Contact Support |
| Objection | Object to processing | Contact Support |
Data We Collect
Account Data
- Name and email address
- Profile information
- Authentication credentials (hashed)
- 2FA settings
Usage Data
- QR codes created and scanned
- Scan analytics (location, device, time)
- API usage statistics
- Login history
Payment Data
- Transaction history
- Invoice records
- Payment method tokens (not full card numbers)
Technical Data
- IP address
- Browser and device information
- Cookies and session data
How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide GoValid services | Contract performance |
| Account management | Contract performance |
| QR code generation and verification | Contract performance |
| Analytics and improvements | Legitimate interest |
| Security and fraud prevention | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
Data Export
You can export all your data at any time:
- Go to Account → Security → Data Export
- Click Request Export
- You will receive an email when the export is ready
- Download your data in JSON format
Export Contents
- Profile information
- QR codes and metadata
- Scan history and analytics
- Transaction history
- Login history
- API key usage
Account Deletion
You can request permanent deletion of your account:
- Go to Account → Security → Delete Account
- Review what will be deleted
- Confirm with your password
- Deletion is processed within 30 days
What Gets Deleted
- Profile and account data
- QR codes (verification pages become unavailable)
- Scan history
- API keys
- Session data
What May Be Retained
- Transaction records (legal requirement)
- Anonymized analytics data
- Data required for legal compliance
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| QR code data | Until QR code is deleted |
| Scan analytics | 2 years |
| Transaction records | 7 years (legal requirement) |
| Login logs | 1 year |
| Deleted accounts | 30 days (grace period) |
Cookies
GoValid uses cookies for:
- Session management (required)
- Preferences (optional)
- Analytics (optional)
You can manage cookie preferences in your browser settings.
Third-Party Data Sharing
GoValid may share data with:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment token, amount |
| PayPal | Payment processing | Payment token, amount |
| CDN/security provider | CDN and security | IP address, request data |
| Push notification provider | Push notifications | Device token |
| Cloud infrastructure provider | Infrastructure | Encrypted data |
We do not sell your personal data to third parties.
Security Measures
- Encryption: TLS for transit, AES-256 for storage
- Access Controls: Role-based access to data
- Auditing: Complete access logging
- Backups: Encrypted backups with limited retention
Contact
For privacy-related inquiries:
- Email: [email protected]
- Address: PT Digital Engineering Indonesia
Related
- Security Overview - Security architecture
- Encryption - Data encryption details
- Account & Billing - Account management