GDPR Compliance

Your data protection rights under European law

Last updated: January 15, 2025

GDPR Overview

The General Data Protection Regulation (GDPR) gives European Union citizens strong rights over their personal data. CrowdTrust is fully committed to GDPR compliance and protecting your privacy rights.

CrowdTrust is GDPR compliant since May 25, 2018

Your GDPR Rights

As an EU citizen, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request a copy of all personal data we hold about you. This includes:

  • • What personal data we process
  • • Why we process it
  • • Who we share it with
  • • How long we keep it

2. Right to Rectification

You can request correction of any inaccurate or incomplete personal data we hold about you. You can update most information directly in your account settings.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • • It's no longer necessary for the original purpose
  • • You withdraw consent
  • • You object to the processing
  • • It was unlawfully processed

4. Right to Restrict Processing

You can request that we limit how we use your personal data while we resolve any concerns you have about its processing.

5. Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format to transfer to another service.

6. Right to Object

You can object to processing of your personal data for direct marketing or based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.

7. Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or significant effects.

8. Right to Withdraw Consent

Where we rely on consent to process your data, you can withdraw that consent at any time through your account settings or by contacting us.

Legal Basis for Processing

We process your personal data only when we have a valid legal basis:

Contract Performance

Processing necessary to provide our services to you under our Terms of Service

Legitimate Interests

Processing for our legitimate business interests, balanced against your rights

Consent

Processing based on your explicit consent, which you can withdraw anytime

Legal Obligations

Processing required to comply with applicable laws and regulations

Data Protection Measures

Technical Measures

  • • End-to-end encryption
  • • Regular security audits
  • • Access controls and authentication
  • • Secure data centers in the EU

Organizational Measures

  • • Data Protection Officer appointed
  • • Regular staff training
  • • Privacy by design principles
  • • Data processing agreements

International Data Transfers

When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards:

  • • Standard Contractual Clauses approved by the European Commission
  • • Adequacy decisions for countries with sufficient data protection
  • • Your explicit consent for specific transfers
  • • Binding Corporate Rules for intra-group transfers

Data Retention Periods

Data TypeRetention Period
Account informationUntil account deletion + 30 days
Reviews and ratingsIndefinitely (unless requested for deletion)
Communication logs2 years
Technical logs90 days
Marketing dataUntil consent withdrawn

Cookie Consent

We comply with EU cookie regulations by:

  • • Obtaining explicit consent before setting non-essential cookies
  • • Providing clear information about cookie purposes
  • • Allowing granular control over cookie categories
  • • Making consent withdrawal as easy as giving it
Manage Cookie Preferences →

Data Breach Notification

In the unlikely event of a data breach that poses a high risk to your rights and freedoms:

  • • We will notify you without undue delay
  • • We will inform the relevant supervisory authority within 72 hours
  • • We will provide clear information about the breach and our response
  • • We will take immediate steps to mitigate any harm

Data Protection Officer

Our Data Protection Officer oversees GDPR compliance and is available to address your concerns:

Email: dpo@crowdtrust.ai

Mail: Data Protection Officer
CrowdTrust, Inc.
123 Trust Street
San Francisco, CA 94105
United States

Right to Lodge a Complaint

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority:

European Data Protection Board

Find your local authority at: edpb.europa.eu

Exercise Your Rights

Ready to exercise your GDPR rights? We make it easy.