GDPR Compliance

Last updated: December 15, 2024

Our GDPR Commitment

TinDev Studios is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines your rights under GDPR and how we ensure compliance across all our AI-powered productivity tools.

As a data controller, we take our responsibilities seriously and have implemented comprehensive measures to protect your privacy and data rights.

Your Rights Under GDPR

Right to Information (Article 13-14)

You have the right to know how we collect and use your personal data. We provide clear information about data processing in our Privacy Policy.

Right of Access (Article 15)

You can request access to your personal data and receive information about:

  • What personal data we process
  • Why we process it
  • Who we share it with
  • How long we keep it
  • Your rights regarding your data

Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data. Update your information through your account settings or contact us.

Right to Erasure (Article 17)

Request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there’s no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Deletion is required for legal compliance

Right to Restrict Processing (Article 18)

You can limit how we use your data while we:

  • Verify the accuracy of contested data
  • Assess legitimate grounds for processing
  • Process your objection to data use

Right to Data Portability (Article 20)

Export your data in a machine-readable format to transfer to another service provider. Available for data processed based on consent or contract.

Right to Object (Article 21)

Object to processing based on legitimate interests, including:

  • Direct marketing (absolute right)
  • Profiling for marketing purposes
  • Processing for legitimate interests

Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making, including our AI systems used for resume optimization and content generation.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent (Article 6(1)(a))

  • Marketing communications
  • Non-essential cookies
  • Data analytics beyond service provision

Contract Performance (Article 6(1)(b))

  • Providing our AI-powered tools and services
  • Processing payments and subscriptions
  • Account management and customer support

Legal Obligation (Article 6(1)(c))

  • Tax and accounting requirements
  • Compliance with court orders
  • Data retention requirements

Legitimate Interests (Article 6(1)(f))

  • Security and fraud prevention
  • Service improvement and development
  • Internal analytics and research

Data Protection Measures

We implement comprehensive technical and organizational measures:

Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and vulnerability assessments
  • Data Minimization: Collect only necessary data for service provision

Organizational Measures

  • Staff Training: Regular GDPR and data protection training
  • Data Protection Officer: Dedicated DPO overseeing compliance
  • Privacy by Design: Data protection built into new features
  • Incident Response: Procedures for data breach notification
  • Vendor Management: Due diligence on data processors

International Data Transfers

When transferring data outside the EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contractual safeguards
  • Binding Corporate Rules: Internal data protection standards
  • Certification Schemes: Recognized data protection certifications

Data Retention

We retain personal data only as long as necessary:

  • Account Data: Retained while your account is active plus 30 days
  • Usage Analytics: Aggregated data retained for 26 months
  • Support Communications: Retained for 3 years
  • Financial Records: Retained for 7 years (legal requirement)
  • Marketing Consent: Until consent is withdrawn

Exercising Your Rights

To exercise your GDPR rights:

Online

  • Access your account settings for basic data management
  • Use our Data Request Portal for formal requests
  • Download your data through account export features

Contact Us

Verification Process

To protect your data, we may request identity verification before processing requests. This may include:

  • Confirmation of account details
  • Security questions
  • Multi-factor authentication

Complaints and Supervisory Authority

If you’re unsatisfied with our response to your GDPR request, you have the right to lodge a complaint with:

  • Your local data protection authority
  • The Irish Data Protection Commission (our lead supervisory authority)
  • Any EU data protection authority where you have your habitual residence

We encourage contacting us first to resolve any concerns directly.

Contact Our Data Protection Team