GDPR Compliance.
We are committed to protecting your data and ensuring complete transparency in how we collect, process, and store information.
Last updated: January 25, 2026
1. Key Principles
Our approach to data protection is built on the core principles of GDPR. We ensure that all personal data is:
Lawfulness, Fairness, and Transparency
Processed legally and transparently.
Purpose Limitation
Collected only for specified, legitimate purposes.
Data Minimization
Limited to what is necessary for processing.
Accuracy
Kept accurate and up to date.
Storage Limitation
Retained only as long as necessary.
Integrity and Confidentiality
Processed securely to prevent unauthorized access.
2. Your Data Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access - Request copies of your personal data.
Right to Rectification - Request correction of inaccurate data.
Right to Erasure (Right to be Forgotten) - Request deletion of your data.
Right to Restrict Processing - Request restriction of how we use your data.
Right to Data Portability - Request transfer of your data to another organization.
Right to Object - Object to processing of your personal data.
3. Data Processing & Transfers
We process data primarily within the European Economic Area (EEA). However, as a global platform, some data may be processed by our sub-processors in other jurisdictions. In such cases, we rely on Standard Contractual Clauses (SCCs) to ensure data protection.
Authorized Sub-processors
4. Security Measures
We implement industry-standard technical and organizational measures to protect your data, including adherence to SOC2 Type II standards, AES-256 encryption at rest, and TLS 1.3 in transit.
5. Contact Our Data Protection Officer
If you have any questions about your rights or our privacy practices, please contact our DPO:
Data Protection Officer
Crafted Inc. Legal Team