GDPR Is Not Our Ceiling
It Is Our Floor
We built Reputation Scorecard to exceed GDPR requirements. Every feature starts with a privacy impact assessment. Every data flow is justified and documented.
Privacy by Design in practice
GDPR Article 25 requires privacy by design and by default. Most companies treat this as a documentation requirement. We treat it as an engineering mandate.
Before any new feature ships, our team completes a Data Protection Impact Assessment (DPIA). If a feature cannot be built with privacy by design, it does not ship.
- Data minimisation: we collect only what is necessary for the stated purpose
- Purpose limitation: data collected for one purpose is not used for another
- Storage limitation: data is retained only as long as necessary
- Accuracy: you can correct data at any time
- Integrity and confidentiality: encrypted at rest and in transit
- Accountability: complete audit logs of all processing activities
EU Data Residency Commitment
All personal data is stored and processed exclusively in Frankfurt, Germany (EU). We make the following binding commitments:
- No data stored outside the European Union
- No transfers to US-controlled processors without SCCs
- No sub-processors outside EU/EEA without explicit consent
- Frankfurt data centre selected for EU operational sovereignty
- Annual third-party data residency audit
All eight GDPR rights, fully implemented
Not listed in a policy document. Implemented as actual product features you can exercise from your account at any time.
Right of Access (Art. 15)
Export a full copy of all data we hold about you at any time. Machine-readable JSON and human-readable PDF formats available from your account settings.
Fully implementedRight to Rectification (Art. 16)
Correct any inaccurate personal data directly from your profile. Changes take effect immediately across all AI analyses.
Fully implementedRight to Erasure (Art. 17)
Delete your account and all associated data with a single click. Deletion is permanent and completed within 30 days including backups.
Fully implementedRight to Restriction (Art. 18)
Pause processing of your data while disputes are resolved. Your account remains accessible but AI features are suspended during restriction.
Fully implementedRight to Portability (Art. 20)
Download your complete dataset in standard JSON format, ready to import into any compatible service.
Fully implementedRight to Object (Art. 21)
Object to specific processing activities, including automated profiling. Your objection is honoured immediately while we review.
Fully implementedYour privacy is our product promise
Start your free assessment knowing your data is protected by the strongest privacy standards in the industry.