Privacy Policy

Last updated: 22 May 2025. This policy explains how we collect, use, and protect your personal information.

1. Who We Are

Ideal ICP operates the website idealicp.com and the Ideal ICP platform. We are based in Nairobi, Kenya. For any privacy-related questions, contact us at support@idealicp.com.

2. Information We Collect

Information you provide directly:

  • Your email address, first name, and last name when you sign up
  • Your company name and other business details you enter during onboarding or diagnostics
  • Answers to the ICP diagnostic questionnaire
  • CSV files or campaign data you optionally upload for deeper analysis

Information collected automatically when you use Google sign-in:

  • Your full name and profile picture from your Google account
  • Your Google-verified email address

Information collected automatically through use of the platform:

  • Your subscription tier and billing status
  • Timestamps of when you view reports, intelligence briefings, and other content
  • Quick wins you have marked as complete
  • Your engagement streaks and usage milestones
  • Standard server log data, including IP address and browser type

3. How We Use Your Information

We use your information to:

  • Create and manage your account
  • Generate your ICP diagnostic reports and recommendations
  • Process your subscription payments via Paystack
  • Send you transactional emails (account confirmation, report delivery, billing receipts) via Resend
  • Send you intelligence briefings and product updates if you are a subscriber (you may opt out at any time)
  • Improve the accuracy and quality of the platform
  • Comply with legal obligations

We do not use your data for advertising, profiling for third parties, or any purpose not listed here.

4. Legal Basis for Processing

We process your personal data on the following bases:

  • Contract: Processing your account details, generating reports, and handling billing is necessary to provide the service you have subscribed to
  • Legitimate interest: Improving the platform and understanding how users interact with it
  • Consent: Sending marketing or non-essential communications, where we ask for your consent separately
  • Legal obligation: Retaining billing records and complying with applicable laws

5. Cookies and Local Storage

We use the following cookies and browser storage mechanisms:

  • icp_session: An HttpOnly session cookie used to keep you signed in. It contains a signed token linking to your account. It expires after 30 days
  • Supabase auth cookies: Set during the OAuth login flow to manage the authentication handshake. These are short-lived and cleared after sign-in completes
  • localStorage: We store your email address, display preferences, and completed quick wins locally in your browser to reduce load times. This data stays on your device

We do not use advertising cookies or third-party tracking pixels.

6. How We Share Your Information

We share your information only with the following third parties, and only to the extent necessary to operate the platform:

  • Supabase: Our database and authentication provider. Your account data and reports are stored in Supabase's infrastructure (AWS, EU region)
  • Paystack: Our payment processor. Paystack handles your card details directly and we never store full card numbers
  • Resend: Our email delivery provider. Your email address is shared with Resend solely to send you transactional and subscription emails
  • Google: If you use Google sign-in, Google shares your profile data with us as described in section 2

We do not sell, rent, or trade your personal information with any other party.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (for example, billing records, which we keep for 7 years as required under Kenyan tax law).

Uploaded CSV files used for analysis are deleted from our servers within 90 days of upload.

8. Data Security

We take the security of your data seriously. Measures we have in place include:

  • All data is transmitted over HTTPS (TLS)
  • Session tokens are signed with HMAC-SHA256 and stored in HttpOnly cookies, inaccessible to JavaScript
  • Database access uses row-level security and a service role key that is never exposed to the client
  • Payment processing is handled entirely by Paystack, meaning card data never touches our servers

No system is completely immune to security risks. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Ask us to correct inaccurate data
  • Deletion: Ask us to delete your account and personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdrawal of consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at support@idealicp.com. We will respond within 30 days.

10. Children's Privacy

Ideal ICP is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. International Transfers

Ideal ICP is based in Kenya, but some of our service providers (Supabase, Resend, Paystack) store and process data in other countries, including the United States and the European Union. By using the platform, you acknowledge that your data may be transferred internationally. We ensure that such providers have appropriate data protection safeguards in place.

12. Links to Other Websites

Our platform may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies separately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a notice in the platform. The updated policy will take effect 14 days after notification. Continued use of the platform after that date constitutes acceptance.

14. Contact Us

For any privacy questions, data requests, or concerns, please contact:

Ideal ICP
Nairobi, Kenya
support@idealicp.com
idealicp.com