Your Data Rights (GDPR)

We respect your privacy and comply fully with the EU General Data Protection Regulation (GDPR). Here's a simple guide to your rights and how we protect your data.

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU law that protects your personal data and gives you control over how it's collected, used, and stored.

Your guarantee: We store all data on EU servers (Frankfurt), encrypt everything, never sell your data, and honor all your GDPR rights—no questions asked.

Your 8 Data Rights

1. Right to Be Informed

You have the right to know what data we collect, why we collect it, how we use it, and who we share it with.

See our full Privacy Policy for complete details.

2. Right of Access

You can request a copy of all personal data we hold about you. We'll provide it in a readable format (JSON or CSV).

"I want to see what assessment data and account information you have stored about me."

3. Right to Rectification

You can correct any inaccurate or incomplete data. Most data can be updated directly in your account settings.

"My email address is wrong. Please update it to..."

4. Right to Erasure ("Right to Be Forgotten")

You can request deletion of all your personal data. We'll delete everything within 30 days (except purchase records required by tax law).

"Delete all my data. I no longer want to use your service."

5. Right to Restrict Processing

You can ask us to stop processing your data temporarily (but not delete it) while we resolve a dispute or verify accuracy.

"I contest the accuracy of my assessment. Please pause processing until we resolve this."

6. Right to Data Portability

You can receive your data in a machine-readable format to transfer to another service provider.

"Export my assessment responses and results so I can use them with another career tool."

7. Right to Object

You can object to data processing based on legitimate interest. We'll stop unless we have compelling grounds to continue.

"Stop using my data to improve your assessment model."

8. Rights Related to Automated Decision-Making

You have the right to human review of automated decisions (like your AI risk score), contest results, and receive explanations.

"I want a human to review my assessment score. I don't understand how it was calculated."

Exercise Your Rights

To make a GDPR request, email us with "GDPR Request" in the subject line. We'll respond within 30 days (as required by law).

How We Protect Your Data

🔒 Encryption

All data is encrypted:

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted backups

🇪🇺 EU Storage Only

Your data never leaves the EU:

  • Stored in Frankfurt, Germany
  • GDPR-compliant hosting (Supabase EU)
  • No data transfers to non-EU countries (except with proper safeguards)

🛡️ Access Control

Strict access limitations:

  • Only authorized personnel can access data
  • Multi-factor authentication required
  • All access is logged and monitored

🗑️ Data Retention

We don't keep data forever:

  • Assessment data: 3 years, then auto-deleted
  • Account data: Deleted 30 days after account closure
  • Purchase records: 7 years (EU tax law)

What Data We Collect

We collect only what's necessary to provide your assessment:

When You Take the Assessment:

  • Job title, role, industry, company size
  • Task breakdown and work patterns
  • Skills and AI tool familiarity
  • Career goals

When You Purchase a Report:

  • Email address (for report delivery)
  • Name (optional)
  • Country (for VAT)
  • Payment details (processed by Creem, not stored by us)

Automatically:

  • IP address (anonymized after 30 days)
  • Browser and device type
  • Country (for analytics)

We do NOT collect:

  • Social security numbers or government IDs
  • Credit card details (handled by Creem)
  • Sensitive personal data (health, race, religion, etc.)
  • Precise location data

How We Use Your Data

We use your data ONLY for these purposes:

  • Generate your report: Analyze your responses to create your AI career assessment
  • Deliver your report: Send it via email and provide online access
  • Process payment: Complete your purchase and issue invoices
  • Provide support: Answer questions and resolve issues
  • Improve the service: Enhance accuracy using anonymized, aggregated data only
  • Prevent fraud: Detect and prevent abuse

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your results with employers
  • Send marketing emails (unless you opt in)
  • Train public AI models with your data

Third-Party Services

We share data only with these trusted, GDPR-compliant providers:

  • Supabase (EU): Database hosting in Frankfurt
  • Creem: Payment processing (PCI-DSS compliant)
  • Vercel (EU): Website hosting
  • Anthropic (US): AI report generation (Standard Contractual Clauses, no personal identifiers sent)

Filing a Complaint

If you're unsatisfied with how we handle your data, you have the right to file a complaint with your national data protection authority.

Find your authority: edpb.europa.eu/members

We encourage you to contact us first at support@dailylab.space so we can resolve your concern directly.

Contact Our Data Protection Officer

For privacy concerns or GDPR questions:

  • Email: support@dailylab.space
  • Subject line: "GDPR Request" or "Data Protection"
  • Response time: Within 30 days (GDPR requirement)

Questions about your data rights?

We're here to help. Email support@dailylab.space with any questions about GDPR, privacy, or data security.

See our complete Privacy Policy for full legal details.