GDPR Compliance
How SGEScore protects your data under the General Data Protection Regulation
Our Commitment to GDPR
SGEScore is committed to protecting the privacy and security of your personal data. We comply with the General Data Protection Regulation (GDPR) and have implemented comprehensive measures to ensure your data rights are respected.
As a data controller, we determine the purposes and means of processing personal data. We only process data when we have a lawful basis to do so, and we are transparent about how we use your information.
Your Rights Under GDPR
Right to Access
You have the right to request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.
Right to Rectification
You can request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.
Right to Erasure
You can request that we delete your personal data when it's no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You can request that we limit the way we use your personal data while we verify its accuracy or the legitimacy of the processing.
Right to Data Portability
You can request a copy of your data in a machine-readable format to transfer to another service provider.
Right to Object
You can object to the processing of your personal data for direct marketing purposes at any time.
Data Processing Activities
| Purpose | Data | Legal Basis | Retention |
|---|---|---|---|
| Account Management | Email, name, password (hashed) | Contract performance | Until account deletion |
| AI Visibility Tracking | Website URLs, brand names, prompts | Contract performance | Until account deletion |
| Payment Processing | Billing information via Stripe | Contract performance | As required by law |
| Analytics | Usage data, anonymized | Legitimate interest | 26 months |
| Customer Support | Support tickets, communications | Contract performance | 3 years |
Technical & Organizational Measures
We have implemented appropriate technical and organizational measures to ensure the security of your personal data:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response and breach notification procedures
- Regular data backup and disaster recovery
- Privacy by design principles in product development
International Data Transfers
SGEScore processes data in the European Union and the United States. For any transfers outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all sub-processors
- Regular assessment of third-party data protection practices
Our Sub-processors
We use the following third-party services that may process your data:
- Supabase: Authentication and database services (EU & US)
- Stripe: Payment processing (US, Privacy Shield certified)
- Vercel: Website hosting (Global edge network)
- OpenAI: AI query processing (US)
- Anthropic: AI query processing (US)
Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Use the settings in your account dashboard
- Email our Data Protection Officer
- Submit a request through our contact form
We will respond to your request within 30 days. In certain circumstances, we may need to extend this period, in which case we will inform you of the extension and the reasons for it.
Data Protection Officer
Email: dpo@sgescore.com
Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we can address your concerns.
For users in Ireland, the relevant authority is the Data Protection Commission (DPC): www.dataprotection.ie