Privacy Policy

Last updated: February 2026 · Effective immediately

Ideallab ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our marketing website at ideallab.org and our web application at app.ideallab.org (collectively, the "Services").

This policy is written in compliance with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and, where applicable, the UK GDPR.

Data Controller: Ideallab · Contact: privacy@ideallab.org

1. What Data We Collect

We collect different types of data depending on how you interact with us:

1.1 Data you provide directly

Account information (name, email address, password) when you register on app.ideallab.org
Product descriptions and inputs you enter into the application to generate your ICP and growth recommendations
Communications you send us (e.g. support requests, feedback emails)

1.2 Data collected automatically

Usage data: pages visited, features used, time spent, click patterns
Device and browser data: browser type, operating system, screen resolution, language settings
IP address (anonymised before storage in Google Analytics)
Referrer URL and UTM parameters
Cookies and similar tracking technologies (see our Cookie Policy)

1.3 Data from third parties

Aggregated analytics data from Google Analytics 4 (GA4)

2. How We Use Your Data

We use your personal data for the following purposes:

Providing the Services — to operate, maintain and deliver the features of Ideallab, including generating your ICP, customer discovery maps and contact playbooks
Account management — to create and manage your account, authenticate you, and send essential service communications
Analytics and improvement — to understand how visitors use our Website and app so we can improve them (via Google Analytics 4)
Security and fraud prevention — to detect, investigate and prevent fraudulent or abusive activity
Legal compliance — to comply with applicable laws, regulations and legal obligations
Communications — to respond to enquiries and, where you have opted in, to send product updates

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

Contract (Art. 6(1)(b)) — processing necessary to perform our contract with you (providing the Services)
Legitimate interests (Art. 6(1)(f)) — analytics to improve our Services, security monitoring, and fraud prevention, where your interests and fundamental rights do not override these interests
Consent (Art. 6(1)(a)) — for analytics cookies and any optional marketing communications; you may withdraw consent at any time
Legal obligation (Art. 6(1)(c)) — where we are required to comply with applicable law

4. Google Analytics

Our Website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics places cookies on your device to help us analyse how users interact with the Website.

The data collected includes pages viewed, session duration, approximate geographic location (country/city level), device type, and referral source. IP addresses are anonymised before storage. We do not use Google Analytics to identify individual users or combine analytics data with other personal data.

Google may transfer data to servers in the United States. Google LLC relies on Standard Contractual Clauses (SCCs) as a transfer mechanism under GDPR Chapter V.

You can opt out of Google Analytics at any time using the Google Analytics Opt-out Browser Add-on. For full details, see Google's Privacy Policy.

5. How We Share Your Data

We do not sell, trade, or rent your personal data. We may share your data in the following limited circumstances:

Service providers — trusted third-party vendors who process data on our behalf (e.g. hosting, analytics, email delivery) under data processing agreements that comply with GDPR
Google LLC — for website analytics via Google Analytics 4
Legal requirements — if required by law, court order, or governmental authority
Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity; we will notify you before your data becomes subject to a different privacy policy

6. International Data Transfers

Some of our service providers (including Google) are located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Account data: retained for the duration of your account plus 90 days after deletion
Application inputs (product descriptions, ICP data): retained while your account is active; deleted within 30 days of account deletion upon request
Analytics data: retained for up to 14 months within Google Analytics (as configured in our GA4 property)
Support communications: retained for up to 3 years

8. Your Rights Under GDPR

If you are located in the EU, EEA, or UK, you have the following rights regarding your personal data:

Right of Access Request a copy of the personal data we hold about you (Art. 15)

Right to Rectification Request correction of inaccurate or incomplete data (Art. 16)

Right to Erasure Request deletion of your personal data ("right to be forgotten") (Art. 17)

Right to Restrict Processing Request that we limit how we use your data in certain circumstances (Art. 18)

Right to Data Portability Receive your data in a structured, machine-readable format (Art. 20)

Right to Object Object to processing based on legitimate interests or for direct marketing (Art. 21)

Right to Withdraw Consent Withdraw consent at any time without affecting prior processing (Art. 7(3))

Right to Lodge a Complaint File a complaint with your national supervisory authority (Art. 77)

To exercise any of these rights, contact us at privacy@ideallab.org. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

If you are based in the EU, you may also lodge a complaint with your national data protection authority. A list of EU authorities is available at edpb.europa.eu. For UK residents, the supervisory authority is the Information Commissioner's Office (ICO).

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@ideallab.org.

11. Links to Third-Party Sites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page, and where appropriate, by sending an email notification or displaying a notice in the application. We encourage you to review this policy regularly.

13. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Email: privacy@ideallab.org
App: app.ideallab.org

← Back to Ideallab · Cookie Policy