Privacy Policy

GDPRKit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GDPR compliance assessment tool and services at gdprkit.eu ("Service").

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and all applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this policy.

We process your personal data for the following purposes:

• •Service Delivery: To provide and maintain our Service
• •Account Management: To manage your account and authentication
• •Assessment Processing: To generate compliance scores and documents
• •Payment Processing: To process your transactions (via Stripe)
• •Communication: To send service updates and support responses
• •Improvement: To analyze usage and improve our Service
• •Legal Compliance: To comply with legal obligations
• •Security: To detect and prevent fraud and unauthorized access

Under GDPR, we process your data based on:

• •Contract: Processing necessary to provide the Service you requested (GDPR Art. 6(1)(b))
• •Legitimate Interest: Improving our Service and preventing fraud (GDPR Art. 6(1)(f))
• •Consent: Marketing communications (GDPR Art. 6(1)(a)) - you can withdraw anytime
• •Legal Obligation: Tax, accounting, and regulatory requirements (GDPR Art. 6(1)(c))

We share your data only with:

We never sell your data to third parties.

We retain your data as follows:

• •Account Data: Until you delete your account + 30 days
• •Assessment Data: Until you delete your account + 30 days
• •Payment Records: 7 years (legal requirement)
• •Support Tickets: 2 years after resolution
• •Usage Logs: 90 days

After deletion, data is anonymized or permanently deleted within 30 days.

You have the following rights:

• •Access: Request a copy of your personal data (Art. 15)
• •Rectification: Correct inaccurate data (Art. 16)
• •Erasure: Request deletion ("right to be forgotten") (Art. 17)
• •Restriction: Limit how we process your data (Art. 18)
• •Portability: Receive your data in a machine-readable format (Art. 20)
• •Object: Object to processing based on legitimate interests (Art. 21)
• •Withdraw Consent: For marketing communications (Art. 7(3))
• •Complain: Lodge a complaint with your data protection authority

To exercise your rights, email [email protected]. We respond within 30 days.

We implement industry-standard security measures:

• •Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• •Authentication: Bcrypt password hashing, secure session management
• •Access Control: Role-based access, least privilege principle
• •Monitoring: Security logs, intrusion detection
• •Backups: Daily encrypted backups with 30-day retention
• •Incident Response: Breach notification procedures (within 72 hours)

While we strive for maximum security, no method is 100% secure. Please use a strong password.

We use the following cookies:

We do not use advertising cookies or third-party tracking.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• •Notify you via email for material changes
• •Update the "Last Updated" date
• •Maintain previous versions in our version history

Continued use of the Service after changes constitutes acceptance.

For privacy-related questions or to exercise your rights: