EconDiagrams ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect when you use econdiagrams.com and our related services (the "Service"), why we collect it, how we use it, and the rights you have over it under the EU General Data Protection Regulation (GDPR) and applicable Hungarian data protection law.
1. Data Controller
The legal entity responsible for the processing of your personal data is:
- Company: EconDaddy.com Ltd.
- Registered Office: Julia u. 1, Budapest 1026, Hungary
- Company Registration: 01-09-419567
- EU VAT: HU32350885
- Data Protection Contact: support@econdiagrams.com
2. What Data We Collect
We only collect data that is necessary to provide, secure, and improve the Service.
a) Account data
- Email address (required to create an account and sign in)
- Display name, school name, year group (optional, provided by you in settings)
- Profile picture / avatar (optional)
- Role (student / teacher) and IB subject selections (optional)
b) Authentication data
- One-time passcodes (OTP) sent to your email for login — stored temporarily (max 5 minutes) and never after verification
- Session tokens stored as HTTP-only cookies to keep you signed in
c) User-generated content
- Whiteboards, diagrams, collections, and any notes you create
- This content is private to your account unless you explicitly share it
d) Payment data (Pro subscribers)
- We do not store your card details. Payment processing is handled entirely by Stripe.
- We store your Stripe customer ID and subscription status to manage your plan.
e) Technical data
- IP address, browser type, operating system, device type
- Pages visited, time on site, referring URL, approximate geographic region
- This data is collected via our analytics providers, subject to your cookie consent.
3. Legal Basis for Processing
Under GDPR Article 6, we rely on the following legal bases:
- Contract (Art. 6(1)(b)) — to create and operate your account, provide the Service, and process payments
- Legitimate interest (Art. 6(1)(f)) — to secure the Service, prevent fraud, and improve our product (balanced against your rights)
- Consent (Art. 6(1)(a)) — for non-essential cookies, analytics, and marketing pixels. You can withdraw consent at any time via the cookie settings.
- Legal obligation (Art. 6(1)(c)) — to comply with Hungarian tax and accounting law (invoice retention)
4. How We Use Your Data
- To create and maintain your account and authenticate you
- To provide the diagram editor and save your work
- To process payments and manage your subscription via Stripe
- To send transactional emails (OTP codes, billing notifications, critical service announcements)
- To send promotional and marketing messages (product updates, new features, educational tips, special offers, and related EconDaddy.com services) — see §5 for details and how to opt out
- To detect abuse, fraud, and security issues
- To analyse aggregate usage and improve the Service (consent-based)
- To comply with legal obligations, including tax and accounting requirements
5. Promotional & Marketing Communications
By creating an account, you acknowledge that we may send you promotional messages by email — including product updates, new diagram templates, study tips, special offers, and occasional communications about related services from EconDaddy.com Ltd. These messages are sent on the basis of our legitimate interest in informing existing users about our products (GDPR Art. 6(1)(f), in combination with the "soft opt-in" permitted under Hungarian Act XLVIII of 2008 §6(4)).
You can opt out of promotional emails at any time, free of charge, by:
- Clicking the unsubscribe link at the bottom of any marketing email, or
- Changing your preferences in Account Settings → Notifications, or
- Emailing support@econdiagrams.com with the subject "Unsubscribe".
Opting out of marketing does not stop transactional emails (e.g. login codes, receipts, security alerts) — these are necessary to operate your account and cannot be disabled while your account is active.
6. Data Sharing & Third-Party Processors
We share data with carefully selected processors who help us run the Service. Each processor is bound by a Data Processing Agreement (DPA) and GDPR-compliant safeguards.
- Stripe, Inc. — payment processing (US, with EU Standard Contractual Clauses)
- Google Ireland Ltd. — Google Analytics (consent-based, IP anonymised)
- Microsoft Ireland Operations Ltd. — Clarity heatmaps & Bing UET (consent-based)
- Meta Platforms Ireland Ltd. — Facebook/Instagram advertising pixels (consent-based)
- TikTok Technology Ltd. — TikTok pixel (consent-based)
- LinkedIn Ireland Ltd. — LinkedIn Insight Tag (consent-based)
- Pinterest Europe Ltd. — Pinterest Tag (consent-based)
- SalesAutopilot Kft. — transactional email delivery (Hungary)
- Hosting providers — EU-based data centres for database and application hosting
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
7. International Transfers
Some of our processors (notably Stripe, Meta, TikTok, Google, Microsoft) may transfer data outside the European Economic Area. In those cases, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions to ensure your data remains protected to an equivalent standard.
8. Data Retention
- Account data & content: retained while your account is active. Deleted within 30 days after you delete your account.
- OTP codes: max 5 minutes in memory, then purged.
- Session tokens: up to 30 days, or until you log out.
- Invoices & billing records: 8 years, as required by Hungarian accounting law.
- Analytics data: up to 14 months (configurable per provider).
- Backups: up to 35 days in encrypted form.
9. Your Rights Under GDPR
You have the following rights over your personal data:
- Access (Art. 15) — request a copy of the data we hold about you
- Rectification (Art. 16) — correct inaccurate data
- Erasure / "right to be forgotten" (Art. 17) — request deletion of your account and data
- Restriction (Art. 18) — limit how we process your data
- Portability (Art. 20) — receive your data in a machine-readable format (you can also use the in-app "Export my data" feature)
- Objection (Art. 21) — object to processing based on legitimate interest
- Withdraw consent — at any time, for processing based on consent
- Not be subject to automated decision-making (Art. 22) — we do not make legally significant decisions about you solely on automated processing
To exercise any of these rights, email support@econdiagrams.com. We will respond within 30 days.
10. Right to Lodge a Complaint
If you believe we have mishandled your data, you have the right to lodge a complaint with a supervisory authority. In Hungary, the competent authority is:
- Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
- Address: Falk Miksa utca 9-11, 1055 Budapest, Hungary
- Website: naih.hu
11. Security
We protect your data using industry-standard security measures: HTTPS/TLS encryption in transit, encrypted storage at rest, hashed credentials, rate limiting, and regular security updates. Access to production systems is limited to authorised personnel only.
No system is completely secure. If a data breach occurs that is likely to result in risk to your rights, we will notify you and the NAIH within 72 hours as required by GDPR Article 33.
12. Children
EconDiagrams is intended for IB Diploma students (typically aged 16–19) and teachers. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have done so, contact us and we will delete the data.
13. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be announced via email and/or a prominent notice on the Service. The "Last updated" date at the top reflects when changes took effect.
14. Contact
Questions, requests, or complaints about this policy:
Email: support@econdiagrams.com
Post: EconDaddy.com Ltd., Julia u. 1, Budapest 1026, Hungary
See also our Cookie Policy and Terms & Conditions.