Compliance

GDPR by design, not afterthought

Principles

Six pillars of data protection

01

Data Minimisation

We collect only the data strictly necessary to provide our service. No excessive collection, no hidden tracking, no data hoarding.

02

Purpose Limitation

Your data is used only for the purposes stated in our privacy policy. We never repurpose data without explicit consent.

03

Storage Limitation

Data is retained only as long as needed. When you close your account, your data is deleted within 90 days.

04

Integrity

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access is controlled through role-based permissions and regular audits.

05

Accountability

We maintain documented data processing records, conduct regular impact assessments, and have clear internal data governance policies.

06

Lawfulness

Every data processing activity has a clear legal basis, whether contractual necessity, legitimate interest, or explicit consent.

Your data

Your rights

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure of your data
  • Right to data portability in machine-readable format
  • Right to restrict processing
  • Right to object to processing

Infrastructure

Technical measures

  • EU hosting
  • AES-256 encryption
  • TLS 1.3
  • Regular audits
  • DPA available

Questions about our data practices?

Contact us →