GDPR & Data Protection

Last updated: [DATE]

1. Data Controller

Identify your legal entity as the data controller for customer personal data, including registered address and contact details for privacy inquiries (for example, a dedicated privacy email address).

2. Legal Bases for Processing

Describe the main legal bases you rely on under GDPR: contract performance, legitimate interests (such as product improvement and security), and compliance with legal obligations. Note any marketing communications that rely on consent.

3. Data Subject Rights

Summarize the rights available to EEA/UK residents: access, rectification, erasure, restriction, portability, and objection. Explain how users can submit requests and how you will authenticate them before acting on a request.

4. International Transfers

If you host data outside the EU/UK (for example, on US-based infrastructure), describe the safeguards you use, such as Standard Contractual Clauses or equivalent mechanisms, and where customers can find those documents.

5. Security Measures

Provide a short overview of your security practices (encryption, access controls, monitoring). You can link to a more detailed security or compliance page once it is available.