GDPR Compliance
Last updated: January 15, 2025
Our Commitment to GDPR
ObserviX is fully committed to complying with the General Data Protection Regulation (GDPR). As a global marketing analytics platform, we understand the importance of protecting the personal data of EU residents and have built our platform with privacy by design.
What is GDPR?
The General Data Protection Regulation is the EU's comprehensive data protection law that gives individuals control over their personal data. It applies to any organization that processes personal data of EU residents, regardless of where the organization is located.
How ObserviX Ensures GDPR Compliance
1. Lawful Basis for Processing
We process personal data only when we have a lawful basis:
- Contract: To provide our analytics services
- Legitimate Interest: For security and fraud prevention
- Consent: For marketing communications
- Legal Obligation: To comply with laws
2. Data Minimization
- Our Pixel collects only essential tracking data
- IP addresses are processed but not stored
- You control what events to track through Event Manager
- Session data is automatically aggregated after 90 days
3. Privacy by Design
- Multi-tenant architecture with complete data isolation
- End-to-end encryption for data in transit and at rest
- Role-based access controls (Admin, Analyst, Viewer)
- Comprehensive audit logging
4. Your Rights Under GDPR
We fully support all GDPR data subject rights:
- Right to Access: Download your data anytime
- Right to Rectification: Update incorrect information
- Right to Erasure: Request complete data deletion
- Right to Portability: Export data in machine-readable format
- Right to Object: Opt out of certain processing
- Right to Restrict: Limit processing of your data
5. International Data Transfers
When transferring data from the EU to the US, we use:
- Standard Contractual Clauses (SCCs)
- Technical safeguards including encryption
- Plans for EU data centers (coming soon)
6. Data Protection Officer
Igor Flyunt, Founder & CEO
- Email: info@observix.ai
- Phone: +1-626-866-1457
7. Data Breach Procedures
In the unlikely event of a data breach, we will:
- Notify affected customers within 72 hours
- Provide full details of the incident
- Outline steps taken to address the breach
- Recommend protective actions
Tools for GDPR Compliance
For Your Customers
- Consent Management: Configure tracking to respect user consent
- Data Deletion API: Automate deletion requests
- Privacy-Friendly Tracking: First-party cookies only
- Anonymization Options: Remove PII from tracking data
For Your Business
- Data Processing Agreement (DPA): Available for all customers
- Audit Logs: Track all data access and changes
- Export Tools: Bulk export capabilities
- Retention Controls: Set custom data retention periods
Data Processing Agreement
We offer a comprehensive DPA that includes:
- Detailed processing terms
- Security measures
- Sub-processor list
- Audit rights
- Standard Contractual Clauses
Request your DPA: Email info@observix.ai with your company details
Sub-Processors
We use carefully selected sub-processors:
- Microsoft Azure: Cloud infrastructure (US/EU)
- Stripe: Payment processing (US)
- Email Provider: Transactional emails
All sub-processors are bound by data protection agreements.
Frequently Asked Questions
Q: Where is my data stored?
A: Currently in the US with enterprise-grade security. EU data centers coming soon.
Q: Can I delete individual user data?
A: Yes, through our dashboard or API.
Q: Do you sell personal data?
A: Never. We explicitly prohibit data selling.
Q: How quickly do you respond to data requests?
A: Within 48 hours for acknowledgment, 30 days for completion.
Stay Updated
GDPR compliance is an ongoing commitment. We regularly update our practices to ensure continued compliance with evolving regulations.
Contact Us
For GDPR-related questions or to exercise your rights:
- Email: info@observix.ai
- Phone: +1-626-866-1457
- Address: ObserviX, Inc., 20 N Wacker Dr, Suite 1200, Chicago, IL 60606
Learn More: Read our full Privacy Policy