GDPR Compliance
GDPR Compliance
What is GDPR?
GDPR stands for General Data Protection Regulation — a law enforced by the EU to protect end users' personal data. This law governs various aspects of data security. This document explains how we protect your data, what our responsibilities are, and what your responsibilities are. We strongly recommend you read this entire policy and other relevant documentation before using our application. We are not responsible for any negligence or data protection failure on your part or by any third party.
Definition of Personal Data
Personal data includes any information tied to an individual — name, image, email, address, social media posts, location, IP address, etc. Regardless of where it's stored, this data always belongs to the user. Data cannot be viewed, stored, or shared without the user’s explicit or implicit consent.
Developer Responsibilities
The developer is responsible for secure handling of all user data (both directly submitted and automatically collected) on the backend. User data may be accessed temporarily for maintenance. No backdoors are maintained, and user logs are not retained beyond what is necessary. Admins are advised to change credentials after any developer access. The developer is not responsible for credential leakage or third-party breaches.
Application Admin Responsibilities
Admins have full access to user data, databases, and logs. Admins are responsible for ensuring that user data is not shared without prior, explicit notification. Admins must secure the application environment and protect user data from unauthorized access or leakage.
User Responsibilities
Users are responsible for reading our documentation and ensuring their credentials are secure. Weak passwords or sharing credentials increases the risk of unauthorized access. Users should immediately change their credentials if any suspicious activity occurs.
Our Commitments Under GDPR
- We collect the minimum necessary data
- We enforce HTTPS site-wide
- We destroy cookies and sessions after logout
- We do not track users for commercial purposes
- We disclose any data logging (IP, location) used for security
- We maintain clear Terms and Privacy Policies
- We notify users of third-party data sharing
- We provide permanent deletion upon account termination
- We patch vulnerabilities regularly
GDPR-Enabled Features
1. Data Erasure
Users can permanently delete their data upon subscription cancellation. This is irreversible, so users are encouraged to back up any needed data beforehand.
2. Data Encryption
Most personal data is stored in encrypted format. In case of breach, attackers will only access encrypted hashes. Some data like usernames may remain unencrypted due to functionality needs.
3. No Persistent Cookies
Users can choose to save cookies or not. All cookies and sessions are destroyed upon logout. We recommend using tools like LastPass instead of saving credentials in browsers.
4. No Behavioral Tracking
We do not track user behavior or use it for commercial targeting. Security-related logs like login time or IP may be stored but are deleted upon account deletion.
5. Activity Notifications
Users are notified via email of key activities like password changes or account access. Users should change passwords if they notice any anomalies.
6. Policy Update Notifications
Users will be notified of any updates to our privacy or GDPR-related policies.
7. Secure Connections
All data transmissions use HTTPS. Even if intercepted, the data will be encrypted and unreadable.
8. No Hidden Data Collection
There are no backdoors or hidden logging mechanisms. Only admins with valid credentials can access the application after deployment.
Data Breach Policy
We employ encryption, input validation, SQL injection prevention, and other best practices to secure your data. However, AIGETO is not responsible for breaches caused by:
- Weak admin passwords
- Server misconfigurations
- External attacks on hosting providers or third-party integrations
For such matters, please contact your application administrator directly.