GDPR Compliance
Our commitment to protecting your data under the General Data Protection Regulation
Our GDPR Commitment
Ahtapus is fully committed to GDPR compliance. We have implemented comprehensive measures to ensure your data is processed lawfully, fairly, and transparently.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access (Article 15)
You can request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Article 16)
You can request correction of inaccurate personal data or completion of incomplete data.
Right to Erasure (Article 17)
This right is also known as the “right to be forgotten.” You can request deletion of your personal data when it’s no longer necessary.
Right to Restrict Processing (Article 18)
You can request that we limit how we use your data in certain circumstances.
Right to Data Portability (Article 20)
You can receive your data in a structured, commonly used format and transfer it to another service.
Right to Object (Article 21)
You can object to processing of your personal data for direct marketing or legitimate interests.
How We Protect Your Data
- Encryption: All data is encrypted in transit and at rest using AES-256
- Access Controls: Strict role-based access with multi-factor authentication
- Audit Logs: Complete audit trail of all data access and modifications
- Regular Testing: Penetration testing and vulnerability assessments
- Employee Training: All staff trained on GDPR requirements
- Incident Response: 72-hour breach notification procedure
Data Processing
We process data based on the following legal bases:
- Contract: Processing necessary to fulfill our service agreement
- Consent: Where you have given explicit consent
- Legitimate Interest: For improving our services and preventing fraud
- Legal Obligation: Where required by law
Sub-Processors
We use carefully selected sub-processors who are also GDPR compliant:
- Amazon Web Services (hosting)
- Stripe (payment processing)
- SendGrid (email delivery)
- Pusher (real-time synchronization)
A complete list of sub-processors is available upon request.
Data Retention
We retain your data only as long as necessary:
- Active accounts: Duration of service plus 30 days
- Deleted accounts: Data deleted within 90 days
- Financial records: As required by law (typically 7 years)
- Backups: Rotated and deleted within 30 days
International Transfers
When data is transferred outside the EU/EEA, we ensure protection through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- EU-based data center options for EU customers
Exercise Your Rights
To exercise any of your GDPR rights:
- Email: gdpr@ahtapus.com
- Use the privacy settings in your account dashboard
- Contact our DPO: dpo@ahtapus.com
We will respond to all requests within 30 days.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Irish Data Protection Commission.
Data Protection Officer
Our appointed DPO can be reached at:
- Email: dpo@ahtapus.com
- Address: Data Protection Officer, Ahtapus, 350 Fifth Avenue, Suite 5100, New York, NY 10118
Have Questions About Your Data?
Our team is here to help you understand and exercise your privacy rights.