Privacy Policy
1. Overview
DIDfarm ("we", "us", "our") operates the DIDfarm platform at didfarm.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.
We are committed to GDPR compliance for users in the EU/EEA, PECR compliance for users in the UK, and CCPA compliance for users in California.
2. Data We Collect
Account data: Name, email address, company name, phone number, and password (hashed).
Billing data: Payment method details (tokenised by Stripe — we never store raw card numbers), billing address, VAT number, invoice history.
Usage data: Numbers ordered, configuration settings, API key activity, portal usage, login timestamps, IP addresses.
Technical data: Browser type, device type, operating system, referring URLs, and session data collected automatically.
KYC data: For certain countries, we may collect identity documents as required by local telecommunications regulations.
3. How We Use Your Data
- Providing and managing your DID number services
- Processing payments and sending invoices
- Sending transactional emails (activation confirmations, renewal reminders, receipts)
- Responding to support requests
- Complying with telecommunications regulations in relevant countries
- Detecting and preventing fraud or abuse
- Improving our platform (aggregated, anonymised analytics only)
We do not use your personal data for advertising. We do not sell your data to third parties.
4. Data Sharing
We share data only with the following categories of third parties, and only as necessary to provide our services:
- DID carriers (Telnyx, DIDWW, DIDLogic) — number provisioning requires sharing the number and basic account details
- Stripe — payment processing. Stripe is PCI DSS Level 1 certified
- SendGrid / Postmark — transactional email delivery
- AWS / GCP — cloud hosting and infrastructure
All third-party processors are bound by Data Processing Agreements (DPAs) and handle data only on our instructions.
5. Data Retention
We retain your account data for as long as your account is active, and for up to 7 years after closure for legal and tax compliance purposes. You can request earlier deletion (see Your Rights below), subject to legal obligations.
6. Your Rights
Under GDPR and applicable law, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit how we process your data
To exercise any of these rights, email privacy@didfarm.com or use the Data Export / Delete features in your account settings. We will respond within 30 days.
7. Cookies
We use the following categories of cookies:
- Essential: Session management, CSRF protection, authentication. Cannot be disabled.
- Analytics: Aggregated, anonymised usage statistics. No personal identification. Opt-out available.
We do not use advertising or tracking cookies.
8. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, bcrypt password hashing, and two-factor authentication. We are PCI DSS compliant via Stripe's hosted payment fields. We conduct regular security audits.
9. International Data Transfers
DIDfarm is incorporated in the Netherlands and processes data within the EU/EEA. Where data is transferred outside the EEA (e.g. to US-based processors), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@didfarm.com
Post: DIDfarm BV, Tilburg, Netherlands
You have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.