Productopedia

by Derumari

Privacy Policy

Last updated: 3 March 2026

Derumari Ltd. ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your personal data when you use Productopedia (the "Service").

Data controller: Derumari Ltd.

31 Harrisons Rise
Croydon, Surrey
CR0 4LL
United Kingdom

Contact: [email protected]

1. What Personal Data We Collect

1.1 Account Information

When you register for an account, we collect:

  • First name
  • Last name
  • Email address
  • Account login credentials

Passwords are not stored in plain text. Login credentials are securely hashed using industry-standard cryptographic methods before being stored.

1.2 Technical Data (Limited)

When you access the Service, limited technical data may be processed for security and system operation purposes, including:

  • IP address
  • Browser type
  • Date and time of access

We do not use this data for analytics, profiling, advertising, or marketing.

2. Cookies

We use only strictly necessary session cookies required for user authentication, account login sessions, and security/fraud prevention.

These cookies:

  • Do not track you outside the Service
  • Are not used for analytics or advertising
  • Are deleted when your browser session ends (session cookies)

Because these cookies are strictly necessary, consent is not required under UK PECR.

We do not use:

  • Analytics cookies
  • Advertising cookies
  • Tracking pixels
  • Third-party tracking technologies

3. How We Use Your Personal Data

We process your personal data for the following purposes:

3.1 To Provide the Service

Lawful basis: Contract

To create and manage your account and allow you to use the Service.

3.2 To Maintain Security

Lawful basis: Legitimate interests

To protect our systems, prevent fraud, and ensure platform security.

3.3 To Comply with Legal Obligations

Lawful basis: Legal obligation

To comply with UK laws, including accounting and tax requirements.

We do not sell personal data. We do not use automated decision-making or profiling.

4. Payments and Invoicing

Subscription payments are handled separately via invoices and are not processed through the website.

Billing information is processed only as necessary to:

  • Issue invoices
  • Maintain accounting records
  • Comply with UK tax law

Financial records may be retained for up to 6 years in accordance with UK legal requirements.

5. Hosting and Infrastructure

We use third-party cloud infrastructure providers to host the Service. These providers process personal data on our behalf under data processing agreements and may store limited infrastructure logs for security and system integrity purposes.

We do not actively access, analyse, or use these logs except where strictly necessary for security, troubleshooting, or legal compliance.

Where personal data is transferred outside the UK, appropriate safeguards (such as standard contractual clauses or the UK International Data Transfer Agreement) are used where required.

6. Data Retention

We retain personal data only for as long as necessary:

  • Account data: for the duration of your account and up to 24 months after account closure
  • Support communications: up to 24 months after resolution
  • Billing records: up to 6 years (UK legal requirement)
  • Infrastructure logs: retained by our hosting provider in accordance with their standard retention policies and used only for security, troubleshooting, or legal compliance purposes

After retention periods expire, data is securely deleted or anonymised.

7. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing based on legitimate interests
  • Request data portability
  • Withdraw consent (where processing is based on consent)

To exercise your rights, contact: [email protected]

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO): https://ico.org.uk

8. Children

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date.