GDPR Compliance

Our GDPR Commitment

At Zof AI, we are committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This commitment extends to all aspects of our platform and services.

Data Processing Principles

We adhere to the core GDPR principles:

• Lawfulness, fairness, and transparency - We process data lawfully and transparently
• Purpose limitation - Data is collected for specified, explicit purposes
• Data minimization - We only collect data that is necessary
• Accuracy - We keep personal data accurate and up to date
• Storage limitation - Data is kept only as long as necessary
• Integrity and confidentiality - We ensure appropriate security

Your Rights Under GDPR

As a data subject, you have the following rights:

Technical Measures

We implement robust technical measures to ensure GDPR compliance:

• End-to-end encryption for data in transit and at rest
• Pseudonymization and anonymization where applicable
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Comprehensive logging and audit trails

Data Processing Agreement (DPA)

Enterprise customers can request a Data Processing Agreement (DPA) that outlines our obligations as a data processor. This agreement covers:

• Scope and nature of data processing
• Confidentiality obligations
• Security measures
• Sub-processor management
• Data subject rights assistance
• Data breach notification procedures

Sub-Processors

We maintain a list of approved sub-processors who may process personal data on our behalf. View our complete sub-processor list.

Data Transfers

For data transfers outside the EEA, we rely on:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Binding Corporate Rules (BCRs) for certain providers

Contact Our DPO

If you have questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer: