Privacy Policy

Last updated: 3/7/2026

1. Introduction

EU GDPR Management Platform ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GDPR compliance management platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Password (encrypted)
  • Organization details

2.2 Compliance Data

As you use our platform, we store:

  • Records of Processing Activities (RoPA)
  • Data Subject Requests (DSR)
  • Data Protection Impact Assessments (DPIA)
  • Breach incident records
  • Vendor information
  • Consent records
  • Audit logs

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions

3. How We Use Your Information

We use your information to:

  • Provide and maintain our compliance management services
  • Process your subscription and payments
  • Send service-related notifications
  • Improve our platform and develop new features
  • Provide customer support
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide our services as per our Terms of Service
  • Legitimate Interests: To improve our platform and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For marketing communications (where required)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Cloud hosting (Manus), payment processing (Stripe), email delivery
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain certain data for legal compliance (e.g., financial records for 7 years). You can request deletion of your data at any time, subject to legal retention requirements.

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functionality (authentication, session management)
  • Analytics (understanding usage patterns)
  • Preferences (remembering your settings)

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

11. Children's Privacy

Our platform is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or to exercise your rights:

14. Supervisory Authority

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with data protection laws.