GDPR Compliance

Effective Date: December 6, 2024

1. Introduction

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of EU residents. This page explains how Lipi.ai complies with GDPR requirements and your rights under this legislation.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Consent (Article 6(1)(a))

  • Marketing communications and newsletters
  • Non-essential cookies and tracking
  • Optional data collection for service improvement

2.2 Contract Performance (Article 6(1)(b))

  • Account creation and management
  • Providing font recognition services
  • Processing payments and billing
  • Customer support and service delivery

2.3 Legitimate Interest (Article 6(1)(f))

  • Security monitoring and fraud prevention
  • Service improvement and analytics
  • Business communications

2.4 Legal Obligation (Article 6(1)(c))

  • Compliance with tax and accounting requirements
  • Responding to legal requests and court orders
  • Anti-money laundering compliance

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access (Article 15)

Request access to your personal data and information about how we process it.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Article 18)

Request limitation of processing of your personal data.

Right to Data Portability (Article 20)

Request your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests or direct marketing.

4. How to Exercise Your Rights

4.1 Submit a Request

To exercise your GDPR rights, you can:

  • Email us at: gdpr@lipi.ai
  • Use our online form: Data Request Form
  • Contact us through your account settings
  • Send a written request to our postal address

4.2 Identity Verification

To protect your privacy, we may need to verify your identity before processing your request. This may involve:

  • Confirming your account credentials
  • Requesting additional identification documents
  • Asking security questions

4.3 Response Timeline

  • Standard Response: Within 30 days of receiving your request
  • Complex Requests: Up to 60 days (with notification of extension)
  • Urgent Requests: We prioritize requests involving data breaches or security concerns

5. Data Processing Activities

5.1 Categories of Personal Data

  • Identity Data: Name, email address, phone number
  • Account Data: Username, password, preferences
  • Payment Data: Billing address, payment method details
  • Usage Data: Service usage, feature interactions, performance metrics
  • Technical Data: IP address, browser type, device information
  • Content Data: Images uploaded for font identification

5.2 Data Recipients

We may share your data with:

  • Service Providers: Cloud hosting (AWS), payment processing (Stripe), analytics (Google Analytics)
  • Business Partners: Integration partners, API customers (with your consent)
  • Legal Authorities: When required by law or court order
  • Acquirers: In case of business merger or acquisition

6. International Data Transfers

Your data may be transferred to countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Standard Contractual Clauses: EU-approved contractual protections
  • Certification Schemes: Privacy Shield successor frameworks
  • Code of Conduct: Industry-specific privacy standards

7. Data Retention

Retention Periods

  • Account Data: Retained while account is active + 30 days after deletion
  • Usage Data: 24 months for analytics, 12 months for operational logs
  • Payment Data: 7 years for tax and accounting compliance
  • Marketing Data: Until consent is withdrawn + 30 days
  • Uploaded Images: Processed and deleted within 24 hours unless saved to account

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Measures

  • End-to-end encryption
  • Secure data centers
  • Regular security updates
  • Access controls and authentication
  • Automated backup systems

Organizational Measures

  • Data protection training
  • Privacy impact assessments
  • Vendor security reviews
  • Incident response procedures
  • Regular compliance audits

9. Data Protection Officer

Our Data Protection Officer (DPO) oversees GDPR compliance and can be contacted for privacy-related inquiries:

  • Email: dpo@lipi.ai
  • Address: Data Protection Officer, Lipi.ai, [Your Business Address]

10. Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact:

  • Your local data protection authority
  • The Irish Data Protection Commission (if you're in Ireland)
  • The European Data Protection Board for cross-border issues

We encourage you to contact us first so we can try to resolve any concerns directly.

11. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Significant changes will be communicated through our Privacy Policy updates and direct notifications to affected users.

12. Contact Information

For GDPR-related inquiries, data requests, or privacy concerns:

  • GDPR Email: gdpr@lipi.ai
  • General Privacy: privacy@lipi.ai
  • Data Protection Officer: dpo@lipi.ai
  • Address: Lipi.ai GDPR Compliance Team, [Your Business Address]
  • Phone: [Your Contact Number]