Privacy Policy for Isaak with Holded compatibility

This page explains what data we process, how Holded credentials are handled, and what rights users have when connecting Holded as a compatible source in Isaak.

Last updated: March 19, 2026.

Key principle

Holded API keys are processed server-side and are not exposed to the client interface presented to the user.

Data we process

- Account data needed to identify the user inside Isaak.
- Holded connection data provided by the user, including the API key.
- Business data requested through the app, such as invoices, contacts, accounts, CRM items and projects.
- Operational logs required for security, support and troubleshooting.

Why we process it

- To connect the user account with Holded.
- To let Isaak retrieve and explain business information requested by the user.
- To improve reliability, traceability and support for the service.
- To comply with legal and security obligations applicable to the service.

Holded credentials

The user chooses which Holded account to connect by providing an API key. That key is encrypted and stored in backend infrastructure controlled by Isaak. It is not intended to be displayed back to the user after submission.

Contact and rights

For privacy requests, support or deletion requests, contact us through Holded support.