SageTweaks GDPR Compliance — EU Data Rights & Privacy

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union (EU) and European Economic Area (EEA). It regulates how businesses collect, use, store, and protect personal data of EU/EEA residents.

At SageTweaks, we are committed to full GDPR compliance and protecting your fundamental rights to data privacy and protection.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1.Right to Access (Art. 15)

You can request a copy of all personal data we hold about you.

How to Exercise:Log in to your dashboard and click "Export My Data" or email support@sagetweaks.com

2.Right to Rectification (Art. 16)

You can correct any inaccurate or incomplete personal data.

How to Exercise:Update your profile in Account Settings

3.Right to Erasure (Art. 17)

Request permanent deletion of your personal data ("Right to be Forgotten").

How to Exercise:Account Settings → Delete Account

Note: We may retain data required by law (e.g., tax records for 7 years)

4.Right to Restriction (Art. 18)

You can request we temporarily restrict processing of your data.

How to Exercise:Contact support@sagetweaks.com

5.Right to Portability (Art. 20)

Download your data in a machine-readable format (JSON).

How to Exercise:Dashboard → Export My Data

6.Right to Object (Art. 21)

You can object to processing based on legitimate interests.

How to Exercise:Unsubscribe from emails or adjust settings

7.Right to Lodge a Complaint (Art. 77)

You can file a complaint with the competent data protection authority. Our lead supervisory authority is the Dutch DPA (Autoriteit Persoonsgegevens).

Lead authority:Autoriteit Persoonsgegevens (NL)Or your local DPA:Find via EDPB members list

How We Protect Your Data

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Strict role-based access control (RBAC) limits who can access your data
Data Minimization: We only collect data necessary to provide our service
Pseudonymization: User IDs are anonymized where possible
Regular Audits: Security audits and vulnerability scans conducted regularly
Third-Party Compliance: All service providers (Stripe, AWS) are GDPR-compliant
Data Processing Agreements (DPAs): Signed with all third-party processors
Breach Notification: We will notify you within 72 hours if a data breach occurs

Legal Basis for Processing

We process your personal data based on the following legal grounds (GDPR Art. 6):

Processing Activity	Legal Basis
Account creation & management	Contract (Art. 6(1)(b))
Payment processing	Contract (Art. 6(1)(b))
License activation	Contract (Art. 6(1)(b))
Fraud prevention & security	Legitimate Interest (Art. 6(1)(f))
Service improvement & analytics	Legitimate Interest (Art. 6(1)(f))
Tax & accounting records	Legal Obligation (Art. 6(1)(c))
Marketing emails	Consent (Art. 6(1)(a))

Data Retention

We retain your personal data only as long as necessary:

Active accounts: Retained while account is active
Deleted accounts: Permanently deleted within 30 days
Tax records: Retained for 7 years (legal requirement)
Marketing data: Deleted immediately upon opt-out
Logs & backups: Deleted within 90 days

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). Some processors (e.g. Stripe for payments) may transfer certain data outside the EEA. Where they do, we ensure GDPR-compliant transfers through:

Standard Contractual Clauses (SCCs): EU-approved contracts with service providers
Adequacy Decisions: Transfers to countries approved by the EU Commission
Service Provider Compliance: AWS and Stripe have GDPR-compliant infrastructure

Questions or Concerns?

If you have questions about our GDPR compliance or want to exercise your rights, contact us:

📧
Emailsupport@sagetweaks.com
⏱️
Response TimeWithin 30 days (GDPR requirement)

For more details, see our full Privacy Policy.

This GDPR Compliance document is part of our comprehensive legal framework.
Last updated: January 7, 2026

What is GDPR?

At SageTweaks, we are committed to full GDPR compliance and protecting your fundamental rights to data privacy and protection.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1.Right to Access (Art. 15)

You can request a copy of all personal data we hold about you.

How to Exercise:Log in to your dashboard and click "Export My Data" or email support@sagetweaks.com

2.Right to Rectification (Art. 16)

You can correct any inaccurate or incomplete personal data.

How to Exercise:Update your profile in Account Settings

3.Right to Erasure (Art. 17)

Request permanent deletion of your personal data ("Right to be Forgotten").

How to Exercise:Account Settings → Delete Account

Note: We may retain data required by law (e.g., tax records for 7 years)

4.Right to Restriction (Art. 18)

You can request we temporarily restrict processing of your data.

How to Exercise:Contact support@sagetweaks.com

5.Right to Portability (Art. 20)

Download your data in a machine-readable format (JSON).

How to Exercise:Dashboard → Export My Data

6.Right to Object (Art. 21)

You can object to processing based on legitimate interests.

How to Exercise:Unsubscribe from emails or adjust settings

7.Right to Lodge a Complaint (Art. 77)

You can file a complaint with the competent data protection authority. Our lead supervisory authority is the Dutch DPA (Autoriteit Persoonsgegevens).

Lead authority:Autoriteit Persoonsgegevens (NL)Or your local DPA:Find via EDPB members list

How We Protect Your Data

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)

Access Controls: Strict role-based access control (RBAC) limits who can access your data

Data Minimization: We only collect data necessary to provide our service

Pseudonymization: User IDs are anonymized where possible

Regular Audits: Security audits and vulnerability scans conducted regularly

Third-Party Compliance: All service providers (Stripe, AWS) are GDPR-compliant

Data Processing Agreements (DPAs): Signed with all third-party processors

Breach Notification: We will notify you within 72 hours if a data breach occurs

Legal Basis for Processing

We process your personal data based on the following legal grounds (GDPR Art. 6):

Processing Activity	Legal Basis
Account creation & management	Contract (Art. 6(1)(b))
Payment processing	Contract (Art. 6(1)(b))
License activation	Contract (Art. 6(1)(b))
Fraud prevention & security	Legitimate Interest (Art. 6(1)(f))
Service improvement & analytics	Legitimate Interest (Art. 6(1)(f))
Tax & accounting records	Legal Obligation (Art. 6(1)(c))
Marketing emails	Consent (Art. 6(1)(a))

International Data Transfers

Standard Contractual Clauses (SCCs): EU-approved contracts with service providers

Adequacy Decisions: Transfers to countries approved by the EU Commission

Service Provider Compliance: AWS and Stripe have GDPR-compliant infrastructure