GDPR Policy

Last updated: December 4, 2025

1. INTRODUCTION

This GDPR Policy explains how AuthenticAI complies with the General Data Protection Regulation (GDPR) (EU) 2016/679. The GDPR is a comprehensive data protection law that applies to the processing of personal data of individuals in the European Union (EU) and European Economic Area (EEA).

This policy supplements our Privacy Policy and describes your rights under the GDPR, the legal bases we rely on to process your personal data, and how we protect your information.

2. DATA CONTROLLER

For the purposes of the GDPR, AuthenticAI is the data controller responsible for your personal data. This means we determine how and why your personal data is processed.

Contact Details:
Email: privacy@getauthenticai.co

3. DATA WE COLLECT

We collect and process the following categories of personal data:

3.1. Account Information

  • Name and email address
  • Account credentials (encrypted passwords)
  • Profile information you choose to provide

3.2. Payment Information

  • Billing address and payment method details
  • Transaction history
  • Note: Payment card details are processed by our payment processor (Stripe) and are not stored on our servers

3.3. Usage Data

  • Text submissions and processed outputs
  • Feature usage statistics
  • Service preferences and settings

3.4. Technical Data

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Referring URLs and pages visited

3.5. Communications Data

  • Support tickets and correspondence
  • Feedback and survey responses

4. HOW WE USE YOUR DATA

We use your personal data for the following purposes:

4.1. Service Delivery

  • Creating and managing your account
  • Processing your text submissions
  • Providing customer support
  • Sending service-related notifications

4.2. Billing and Payments

  • Processing subscription payments
  • Managing billing disputes and refunds
  • Detecting and preventing fraud

4.3. Service Improvement

  • Analyzing usage patterns to improve features
  • Developing new products and services
  • Testing and troubleshooting

4.4. Legal Compliance

  • Complying with legal obligations
  • Enforcing our Terms of Service
  • Protecting against legal liability

5. LEGAL BASES FOR PROCESSING

Under the GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

Legal Basis Purpose
Contractual Necessity Processing necessary to provide the Service under our Terms
Legitimate Interest Improving our services, fraud prevention, and security
Consent Marketing communications (where required)
Legal Obligation Complying with laws and regulations

6. DATA SHARING

We do not sell your personal data. We may share your data with:

  • Service Providers: Third parties who provide hosting, payment processing, analytics, and customer support services
  • Legal Requirements: When required by law, court order, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to share your data

All third-party service providers are required to maintain appropriate security measures and process data only as instructed by us.

7. INTERNATIONAL TRANSFERS

Your personal data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Other legally approved transfer mechanisms

8. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and for up to 90 days after deletion
  • Payment Records: Retained for 7 years to comply with tax and accounting regulations
  • Usage Data: Aggregated and anonymized after 24 months
  • Support Communications: Retained for 3 years for quality assurance

9. YOUR GDPR RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

Right What This Means
Right of Access Request a copy of your personal data
Right to Rectification Correct inaccurate or incomplete data
Right to Erasure Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing Limit how we use your data
Right to Data Portability Receive your data in a structured, machine-readable format
Right to Object Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent Withdraw consent for processing based on consent

To exercise any of these rights, please contact us at privacy@getauthenticai.co. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with the GDPR.

10. COOKIES AND TRACKING

We use cookies and similar tracking technologies to provide and improve our Service. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent tool.

11. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response and breach notification procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by the GDPR.

12. THIRD-PARTY LINKS

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

13. CHILDREN'S DATA

Our Service is not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

14. CHANGES TO THIS POLICY

We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date at the top of this page
  • Sending you an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. CONTACT US

If you have any questions about this GDPR Policy or wish to exercise your rights, please contact us:

Email: privacy@getauthenticai.co

For complaints or concerns, you may also contact your local supervisory authority:

  • EU/EEA residents: Contact your national data protection authority
  • UK residents: Information Commissioner's Office (ICO) at ico.org.uk