GDPR Compliance

Last updated: August 1, 2024

1. Introduction

CompanyIQ is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle your personal data in accordance with GDPR requirements.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to our data processing activities
  • Contract: To provide our services and fulfill our contractual obligations
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

3.1 Right to Access

You can request a copy of all personal data we hold about you, including information about how we process it.

3.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

3.4 Right to Restrict Processing

You can request that we limit how we process your personal data in certain situations.

3.5 Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format.

3.6 Right to Object

You can object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

4. Data Processing Activities

4.1 Data We Collect

  • Email address for account management
  • Company names and domains for research purposes
  • Payment information (processed by Stripe)
  • Usage data and analytics
  • Technical data (IP address, browser type, etc.)

4.2 How We Use Your Data

  • Provide and maintain our services
  • Process payments and manage subscriptions
  • Improve our AI algorithms and research accuracy
  • Send important service updates
  • Comply with legal obligations
  • Prevent fraud and ensure security

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Research Data: Retained for 12 months unless you request earlier deletion
  • Payment Data: Retained as required by financial regulations
  • Analytics Data: Retained for 26 months for service improvement

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Secure data centers and infrastructure
  • Employee training on data protection

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Binding corporate rules
  • Other appropriate safeguards as required by GDPR

8. Third-Party Processors

We use trusted third-party service providers who process data on our behalf:

  • Stripe: Payment processing (GDPR compliant)
  • Supabase: Database and authentication (GDPR compliant)
  • Vercel: Hosting services (GDPR compliant)
  • Google Analytics: Website analytics (GDPR compliant)

9. Exercising Your Rights

To exercise your GDPR rights, please contact us using the information below. We will respond to your request within 30 days.

Email: privacy@companyiq.com
Subject Line: "GDPR Rights Request"
Include: Your email address and specific request

10. Data Protection Officer

If you have any questions about our GDPR compliance or data protection practices, you can contact our Data Protection Officer:

Email: dpo@companyiq.com
Address: [Your Business Address]
Phone: [Your Phone Number]

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately.

12. Updates to This Policy

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.

13. Contact Information

For any questions about our GDPR compliance, please contact us:

Email: privacy@companyiq.com
Address: [Your Business Address]
Phone: [Your Phone Number]