GDPR Compliance | Wedge Stack Inc.

1. Overview

The General Data Protection Regulation (GDPR) is a comprehensive privacy regulation that protects the personal data of individuals in the European Union (EU) and European Economic Area (EEA). This document outlines Wedge Stack Inc.’s (d/b/a AI Collectify) commitment to GDPR compliance.

We are committed to protecting your personal data, regardless of where you are located, and have implemented specific measures to ensure our European users' rights are respected.

2. Data Controller & Processor

Under GDPR, there are two key roles: Data Controller and Data Processor.

You, the user, are the Data Controller for your clients' data. You determine the `"`purposes and means`"` of processing personal data.
Wedge Stack Inc. (d/b/a AI Collectify) is the Data Processor. We process data on your behalf, according to your instructions.

Our respective roles and responsibilities are clearly defined in our Data Processing Addendum (DPA).

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

Contractual Necessity: Processing necessary for the performance of our contract with you (our Terms of Service).
Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, platform security, and fraud prevention.
Consent: Processing based on your explicit consent, such as for marketing communications, which you can withdraw at any time.
Legal Obligation: Processing necessary to comply with our own legal obligations.

4. How We Protect Your Data

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

End-to-end encryption for data in transit (TLS/SSL)
Encryption at rest for all database contents
Row-level security to ensure strict data isolation between tenants
Least-privilege access controls and authentication mechanisms
Regular security assessments and employee training
Data minimization by design

5. Your Rights Under GDPR

As a European user, you have the following rights regarding your personal data:

Right to Access: You can request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate personal data.
Right to Erasure (`"`Right to be Forgotten`"`): You can request deletion of your personal data.
Right to Restrict Processing: You can request restriction of processing in certain circumstances.
Right to Data Portability: You can request transfer of your data to another service.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, please contact privacy@wedgestack.com. We will respond within 30 days.

6. International Data Transfers

Wedge Stack Inc. (d/b/a AI Collectify) is based in the United States. To legally transfer data from the EU/EEA, we rely on:

Standard Contractual Clauses (SCCs): We incorporate SCCs into our Data Processing Addendum to ensure appropriate data protection safeguards.
Supplementary Measures: We implement additional technical safeguards, like encryption, to protect data in transit and at rest.

7. Data Processing Addendum (DPA)

We offer a Data Processing Addendum (DPA) that details our roles, responsibilities, and data processing practices under GDPR. Our DPA incorporates Standard Contractual Clauses (SCCs) to ensure lawful data transfers.

8. Data Breach Notification

In the event of a personal data breach affecting you, we will notify you without undue delay after becoming aware of it. We will also notify the relevant supervisory authority within 72 hours where required.

9. Our Privacy Team

While we are not required to appoint a formal Data Protection Officer (DPO), we have a dedicated Privacy Team responsible for overseeing our data protection strategy and ensuring GDPR compliance.

10. Contact Us

For any questions about our GDPR compliance or to exercise your rights, please contact us at privacy@wedgestack.com.