GDPR Compliance

Bugalou processes personal data in accordance with the General Data Protection Regulation (GDPR). We take privacy and data protection seriously, and this page describes how.

EU-Based Hosting

Our databases are hosted within the EU, so personal data at rest is not stored outside the EU.

Data Encryption

TLS with 256-bit cipher suites for all data in transit

User Rights

Full support for all GDPR user rights

Transparency

Clear privacy and cookie policies available

Data Processing

As data controller, we only collect and process data necessary for our service delivery.

Legal Basis

  • Contractual necessity for service delivery
  • Legitimate interest for platform improvement
  • Legal obligation for record keeping
  • Explicit consent for marketing

Data Minimization

  • Only collect necessary data
  • Automatic deletion after retention period
  • Anonymization where possible
  • No disclosure to third parties beyond the processors listed below, except with your consent or where the law requires it

Your Rights Under GDPR

You have control over your personal data. We support the exercise of every right the GDPR grants you.

Access & Export

Download all your data in a machine-readable format (JSON or CSV)

Within 30 days

Rectification & Update

Modify or correct your personal data via your account

Immediately available

Erasure

Delete your account and all associated data permanently, except for records we are legally obliged to retain (see Legal Basis above)

Within 48 hours

Security Measures

We implement state-of-the-art security measures to protect your data.

Encryption

TLS with 256-bit cipher suites for data in transit, AES-256 for data at rest

Access Control

Role-based access control, two-factor authentication (2FA), regular API key rotation

Database Security

Isolated databases, daily backups, disaster recovery

Monitoring

24/7 security monitoring, intrusion detection, audit logs

Compliance Audits

Annual security audits, penetration testing, compliance reviews

Incident Response

Notification of the supervisory authority within 72 hours of becoming aware of a personal data breach, per GDPR Art. 33

Data Processors

We only work with processors that meet GDPR requirements. Every processor has signed a Data Processing Agreement (DPA) with us; transfers outside the EU are covered by Standard Contractual Clauses (SCCs).

Service Provider     Purpose                   Location         Safeguards
Neon (PostgreSQL)    Database hosting          EU (Germany)     EU-based
Stripe               Payment processing        US / EU          SCCs + PCI DSS
Vercel               Application hosting       Global (Edge)    SCCs + DPA
Meta (WhatsApp)      WhatsApp Business API     Global           SCCs + DPA
OpenAI               AI chatbot processing     US               SCCs + DPA

GDPR Questions or Requests?

For questions about data protection or to exercise your GDPR rights, please contact our Data Protection Officer.

Response Time

Within one month (30 days) per GDPR Art. 12(3)

Want to file a complaint? You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) via autoriteitpersoonsgegevens.nl
