Privacy Policy

Last updated: April 2026

1. What We Collect

Digital Passport ("we", "the App") collects the following data when you connect your Akeneo PIM instance:

• PIM Connection Data - Your Akeneo PIM URL, OAuth client ID, and an encrypted access token.
• Configuration Data - Passport configurations you create: selected attributes, channel, locale, colors, and logo URL.
• Product Data (cached) - Product attribute values fetched from your PIM are temporarily cached in Redis for performance. Cached data expires based on your configured TTL (default: 1 hour).

We do not collect personal data about your end consumers who scan QR codes. Passport pages are rendered server-side with no tracking, cookies, or analytics scripts.

2. How We Store Data

• OAuth tokens and API credentials are encrypted at rest using AES-256 (Defuse PHP encryption).
• All data is stored in a PostgreSQL database hosted on our infrastructure.
• Cached product data is stored in Redis with automatic expiration.
• All connections use HTTPS/TLS encryption in transit.

3. How We Use Data

Your data is used exclusively to:

• Fetch product information from your Akeneo PIM to render Digital Product Passports.
• Generate QR codes that link to passport pages.
• Display your configured branding (colors, logo) on passport pages.

We do not sell, share, or use your data for advertising or any purpose other than providing the Digital Passport service.

4. Data Retention

• Connection data - Retained as long as your app is connected. Deleted immediately when you disconnect the app from your PIM.
• Cached product data - Automatically expires based on your configured TTL. You can also manually clear the cache from the admin dashboard.
• Passport configurations - Deleted when you disconnect the app (cascade deletion).

5. Data Deletion

When you disconnect Digital Passport from your Akeneo PIM:

• All your data (connection, configurations, cached products) is permanently deleted.
• This happens automatically via the Akeneo app disconnection webhook.
• You can also request manual deletion by contacting us.

6. Third-Party Services

• Akeneo PIM - We access your PIM via its REST API using the credentials you provide.
• Sentry - We use Sentry for error monitoring. Error reports may include request metadata (URL, HTTP status) but never product data or credentials.

7. Your Rights (GDPR)

If you are in the EU, you have the right to:

• Access, correct, or delete your data.
• Withdraw consent (by disconnecting the app).
• Lodge a complaint with a supervisory authority.

8. Contact

For privacy-related questions, contact: [[email protected]]