Skip to content
PODFY

Privacy

Privacy Policy

This Privacy Policy explains how PODFY processes personal data on podfy.net (website) and podfy.app (product). It is written for operations teams, drivers, and privacy officers who need a clear, honest overview of data flows and responsibilities.

Last updated: 2025-12-10
Controller: PODFY, Van Weede van Dijkveldstraat 25, 2582KP ’s-Gravenhage (The Hague), Netherlands
Primary contact: support@podfy.net
Scope: podfy.net (website) and podfy.app (operational platform)

Chapters

Use this as a map for legal review, DPIAs, and internal documentation.

1. Who we are & scope

Controller, roles and where this applies

For the purposes of the EU General Data Protection Regulation (“GDPR”) and similar laws, PODFY is the data controller for personal data we collect via podfy.net and for account-level data in podfy.app (for example, admin contact details and billing info).

For operational Proof-of-Delivery data inside podfy.app (for example, driver names, recipient signatures, delivery references and uploaded POD images), PODFY acts as a data processor on behalf of the customer that uses PODFY to manage their logistics. In that case, your organisation is the controller and determines purposes and means of processing.

This Privacy Policy covers:

  • podfy.net – marketing site, forms, documentation pages and legal content.
  • podfy.app – the operational product, portals and email links used by customers, drivers and recipients.

2. Data we process

Categories of personal data

2.1 Website visitors (podfy.net)

  • Contact form data: name, email, company, message and any information you choose to include.
  • Technical logs: IP address, date/time, URLs visited, basic device/user-agent information, and error logs.
  • No marketing trackers: we do not use analytics, marketing or advertising cookies. See the Cookie Policy for details.

2.2 Customer admins and users (podfy.app)

  • Account information: name, business email address, organisation, role and authentication data.
  • Configuration data: retention settings, branding assets, notification preferences and integration settings.
  • Usage data: timestamps of logins, uploads, downloads and configuration changes, for security and auditability.

2.3 Drivers, recipients and other delivery contacts (within Customer Data)

When you use PODFY for real deliveries, you may upload or generate:

  • Driver names or identifiers.
  • Recipient names, initials or signatures.
  • Contact details (for example, email address to send a confirmation).
  • Shipment references, license plates, order numbers and POD images (including photos of documents or parcels).

This information is treated as Customer Data. We process it only on documented instructions from the customer, as described in your contract and, where applicable, our Data Processing Addendum (“DPA”).

2.4 Support and communications

  • Support tickets and emails you send to support@podfy.net.
  • Feedback you provide about the product or documentation.

3. Purposes & legal bases

Why we process personal data

3.1 Operating the product (podfy.app)

  • Creating and managing customer accounts and user access.
  • Storing and retrieving POD documents and related metadata.
  • Sending operational communications (for example upload confirmations or portal links).
  • Providing logs and audit trails for your operations team.

Legal bases: performance of a contract (Art. 6(1)(b) GDPR) with our customer and, where applicable, legitimate interests (Art. 6(1)(f) GDPR) in running a secure, reliable service.

3.2 Website, demos and sales conversations (podfy.net)

  • Responding to contact and demo requests.
  • Providing information about PODFY’s features and pricing.
  • Monitoring for abuse or attacks against the website.

Legal bases: legitimate interests in promoting and protecting our services, and performance of a contract or pre-contractual steps when you explore or enter into an agreement with us.

3.3 Service improvement and reliability

We may use de-identified or aggregated usage data (for example counts of uploads per day, portal response times, error rates) to diagnose issues and improve PODFY. Where we use pseudonymised data, we do so under legitimate interests with appropriate safeguards.

3.4 Legal obligations

We may process certain information to comply with legal obligations, such as keeping invoices for tax and accounting or responding to lawful requests from authorities.

4. Retention

How long we keep data

4.1 Website data (podfy.net)

  • Contact requests: typically up to 12 months after closure of the conversation, unless we need to keep them longer for contractual or legal reasons.
  • Security and access logs: typically up to 30 days, unless needed for incident investigation.

4.2 Customer Data in podfy.app

  • POD documents and related metadata: retained according to your configuration and contract (for example, 60 days, 1 year or longer retention windows).
  • Account information and audit logs: retained for the duration of your subscription and for a reasonable period afterwards to handle queries, disputes or legal obligations.

4.3 Backups

Data may persist for a limited period in backups before being fully removed, in line with our disaster-recovery and business-continuity practices.

5. Processors & international transfers

Who helps us run PODFY

We use carefully selected service providers (sub-processors) to host infrastructure and deliver parts of the service. Examples include:

  • Cloud infrastructure and edge services (for example Cloudflare) for hosting, storage, DNS and security.
  • Email delivery providers for sending operational emails and portal links.
  • Support tooling used to manage incoming support requests.

Where these providers process personal data on our behalf, they do so under written contracts that include confidentiality, security and data-protection obligations.

International transfers.

We aim to host production data for podfy.app in EU regions where possible. If personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms under applicable law.

6. Security & data minimisation

How we protect Customer Data

Security is built into PODFY’s design. Highlights are described on the Security page and in our SECURITY.md, but at a high level:

  • All PODFY properties enforce HTTPS with modern TLS.
  • Access to operational systems is restricted and audited.
  • Customer Data is logically separated between tenants.
  • File uploads are checked and stored using secure mechanisms, with signed URLs used for controlled access where applicable.

We collect only the data needed to operate PODFY and support customers. We do not build advertising profiles and we do not sell personal data.

Cookies & tracking

We follow a low-cookie approach. As of this version, we do not use analytics or marketing cookies on podfy.net or podfy.app. For full details, see the Cookie Policy.

7. Your rights

Choices and data subject requests

Where GDPR or similar laws apply, you may have the following rights with respect to your personal data:

  • Right of access – to know whether we process your data and to receive a copy.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion in certain circumstances.
  • Right to restriction – to ask us to limit processing under specific conditions.
  • Right to data portability – to receive certain data in a structured, commonly used format.
  • Right to object – to object to processing based on legitimate interests.
  • Right to withdraw consent – where processing is based on consent.

To exercise these rights, or to raise privacy questions, contact us at support@podfy.net. We may need to verify your identity before fulfilling a request.

If you are a driver or recipient whose data is processed inside podfy.app by one of our customers, we may direct you to contact that customer (your employer, carrier or shipper) first, as they are the controller for that data.

You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

8. Children

Use by minors

PODFY is designed for professional use in logistics and related industries. It is not intended for use by children under 16. We do not knowingly target or market the Services to children, and any processing of children’s data would occur only as part of Customer Data controlled by our customers (for example, if a name appears on a delivery note).

9. Changes & contact

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services or our processing activities. When we make material changes, we will use reasonable efforts to notify customers (for example by email or in-app notice).

  • The “Last updated” date at the top always shows the current version.
  • Archived versions may be made available on request for audit or compliance purposes.

Questions or concerns?

If you have questions about this Privacy Policy or how PODFY processes personal data, please contact us at support@podfy.net.