Is CustomGPT.ai GDPR compliant?

What is GDPR and why it matters

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union (EU) to safeguard individuals' personal data and grant them greater control over how their information is collected, stored, and used. Effective since May 25, 2018, GDPR applies to any organization that processes personal data of individuals in the EU, regardless of where the organization is based. Compliance is crucial not only to meet legal requirements but also to build trust with customers, as it demonstrates a commitment to transparency, data security, and respect for user privacy.

CustomGPT.ai's commitment to protecting user data and privacy

GDPR compliance at CustomGPT.ai isn’t just about legal adherence; it’s about respecting your privacy and fostering trust. By prioritizing your right to data protection, we aim to not only comply with GDPR but to set an example for data privacy that others can follow. Your trust is our top priority, and through GDPR compliance, we strengthen that bond.

GDPR Compliance Measures

User Consent for Data Collection

From the moment you interact with CustomGPT.ai, your consent is sought. We believe in clear and open communication about what data we collect and why. This means no fine print or confusing terms—just straightforward information allowing you to make informed decisions.

Protecting User Data

We treat your data with the utmost care. CustomGPT.ai employs robust security measures to keep your data safe from unauthorized access or leaks. We adhere strictly to data minimization principles, collecting only what’s necessary to deliver our services and nothing more.

Encryption and security protocols

We use SSL encryption to protect data during transit and industry-standard 256-bit AES encryption to secure data at rest, ensuring the highest levels of data protection.

Data Breach Notifications

If the unexpected happens, we’re prepared—and you’ll be the first to know. CustomGPT.ai has systems in place for quick detection of any data breaches. Should one occur, we’ll promptly notify you and guide you through steps to secure your data, while also informing the relevant authorities.

Data Subject Request (DSR) Procedures

Your data belongs to you. With CustomGPT.ai, you can easily access your information and, should you choose, instruct us to delete it. Our processes are designed to be user-friendly, ensuring that managing your data is as simple as asking a question.

Note: If you want to submit a DSR, please fill out our Privacy Request Form and we will get back to you as soon as possible.

Data Processing Details

We collect, process, and store various types of personal data, including email addresses, usage data, and data communicated during service use. Additional data, such as trackers and activity data, may be collected automatically to support the functionality of our application. This data enables us to provide and improve our services, manage accounts, facilitate payments, and ensure a secure and efficient user experience.

Our processing of personal data is based on legal grounds, including user consent, the necessity to fulfill contractual obligations, compliance with legal requirements, and our legitimate interests, such as ensuring service functionality and preventing fraudulent activity. We adhere to strict security measures to protect data during processing and storage, and data is only retained as long as necessary to fulfill the purposes for which it was collected or as required by law.

Please consult our Privacy Policy for more details.

Third-Party Processors

We work with trusted third-party processors to provide essential services, including hosting, payment processing, email management, and analytics. These include providers such as Amazon Web Services (AWS) for hosting, Stripe for payment processing, Google Workspace for productivity, and Automattic (WordPress.com and Gravatar) for platform services. All third-party processors we engage with adhere to GDPR compliance requirements, ensuring that your data is handled securely and in accordance with applicable regulations.

Data shared with these processors is limited to what is necessary to deliver their specific services. For example, payment information is shared directly with payment processors, while hosting providers manage infrastructure and store data securely. Each third party processes data strictly under our instructions and implements robust measures to safeguard your personal information.

Please consult our Privacy Policy for more details.

Retention Policy

We retain user data only as long as necessary to fulfill the purposes for which it was collected, such as providing services, complying with legal obligations, or supporting legitimate business interests. Personal data is stored securely and is deleted or anonymized when it is no longer needed. For example, data related to contractual obligations is retained until the contract is fully performed, while data processed based on user consent is deleted upon withdrawal of consent.

In some cases, we may be required to retain data longer to comply with legal requirements or resolve disputes. Once the retention period expires, all personal data is securely deleted or anonymized to ensure it cannot be linked back to any individual.

Please consult our Privacy Policy for more details.

Cookie Policy and Consent

We use cookies and similar tracking technologies ("Trackers") on our platform to enhance functionality, improve user experience, and enable essential services. These include both first-party cookies, managed directly by us, and third-party cookies, used by service providers such as Stripe and Google Tag Manager. Depending on the applicable law, certain cookies may require user consent before being set. Users can freely provide or withdraw consent at any time.

To manage cookie preferences, users can access the privacy choices panel available on our platform. Alternatively, users can control or delete cookies through their browser settings, which allow viewing, blocking, or clearing cookies. On mobile devices, cookie preferences can be adjusted in the device's tracking or advertising settings. Note that disabling cookies may impact the functionality and user experience of the platform. For further assistance, users are encouraged to contact us directly.

Please consult our Cookie Policy for more details.

Data Protection Officer (DPO) Contact Information

Please fill out our contact form and we will get back to you as soon as possible.