Isurdan

Privacy Notice

Last updated: March 2026

1. Introduction

Isurdan ("we", "us", "our") is committed to protecting your privacy. This Privacy Notice explains how we collect, use, store, and share personal data when you use our people experience platform and visit our website.

We act as a data processor on behalf of our customers (your employer), who act as the data controller. This notice also covers data we collect as a data controller when you interact with our website or contact us directly.

2. Data We Collect

Depending on how you interact with Isurdan, we may collect:

  • Account & profile data: name, email address, job title, department, employee ID, profile photo.
  • Employment data: compensation details, equity grants, time-off balances, employment history, performance data.
  • Equipment data: assigned hardware, software licenses, IT inventory information.
  • Usage data: log-in times, pages visited within the platform, feature interactions, browser type, IP address.
  • Website analytics data: pages visited on isurdan.com, scroll depth, CTA interactions, traffic source, anonymous visitor identifier (with consent only).
  • Communication data: messages sent through the platform, support requests, feedback.
  • Website visitor data: name, email, and message content submitted through contact forms.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing and operating the Isurdan people experience platform on behalf of your employer.
  • Managing employee profiles, compensation, time off, equipment, and recruitment workflows.
  • Generating AI-powered insights such as flight risk analysis, career recommendations, and compensation benchmarking.
  • Ensuring platform security, preventing fraud, and enforcing our terms of service.
  • Responding to support requests and communications.
  • Improving our services through anonymized, aggregated analytics.

4. Legal Basis for Processing

Under the GDPR, we process personal data on the following legal bases:

  • Contract performance: processing necessary to provide our services to customers.
  • Legitimate interest: improving our platform, ensuring security, and conducting analytics.
  • Legal obligation: compliance with applicable laws and regulations.
  • Consent: where required, such as for marketing communications.

5. Data Storage & Security

Personal data is stored on secure cloud infrastructure within the European Economic Area (EEA). We implement industry-standard technical and organizational measures to protect your data, including encryption at rest and in transit, access controls, and regular security audits.

6. Data Sharing

We do not sell personal data. We may share data with:

  • Your employer: as the data controller, your employer has access to employee data within the platform.
  • Service providers: trusted third parties who assist in operating our platform (e.g., cloud hosting, email delivery), bound by data processing agreements.
  • Legal authorities: when required by law, regulation, or legal process.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this notice, or as required by law. When a customer's contract ends, we delete or anonymize all associated data within 90 days, unless a longer retention period is required by law.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") in certain circumstances.
  • Restrict processing of your data.
  • Port your data to another service in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact your employer (the data controller) or reach out to us directly. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Analytics

The Isurdan platform uses strictly necessary cookies for authentication and session management.

Marketing website analytics: With your consent, we collect anonymous usage data on our marketing website to understand how visitors interact with our pages and to improve the experience. This includes:

  • Pages visited and time spent on each page
  • Scroll depth and interactions with calls to action
  • Traffic source and campaign attribution (UTM parameters)
  • Anonymous visitor identifier (stored in your browser's local storage)

This data is collected only after you accept the analytics consent banner. You may decline analytics tracking without any impact on your ability to use the website. No personal data is collected until you voluntarily provide it (e.g., by signing up for a trial).

Trial signup linking: If you accept analytics tracking and subsequently sign up for a trial, your anonymous browsing history on isurdan.com is linked to your email address. This helps us understand the visitor-to-trial journey and improve our onboarding experience. This data is retained for 90 days after trial signup and then deleted.

In-app product analytics: Within the Isurdan platform, we collect aggregated usage data (page views, feature usage, interaction patterns) to improve product quality and identify usability issues. This data is processed as part of the service under your employer's data processing agreement. Individual analytics data is retained for 12 months.

We also use Plausible Analytics, a privacy-friendly, cookie-free analytics service that does not require consent under GDPR.

10. Changes to This Notice

We may update this Privacy Notice from time to time. We will notify customers of material changes via email or in-platform notification. The "Last updated" date at the top of this page indicates when this notice was last revised.

11. Contact Us

If you have questions about this Privacy Notice or our data practices, please contact us at:

hello@isurdan.com