GDPR Compliance

Last Updated: December 16, 2025

1. Overview of GDPR Compliance

The General Data Protection Regulation (GDPR) is European Union legislation that protects personal data and privacy. AI Pulse complies with GDPR requirements including:

• Lawful Processing: We process data only with your explicit consent
• Transparency: Clear information about data collection and use
• Data Minimization: We collect only necessary information
• Security: Strong technical and organizational measures
• Individual Rights: Full support for your GDPR rights
• Accountability: Documentation and compliance monitoring

2. Legal Basis for Processing

Under GDPR Article 6, we process your data based on:

• Consent (Article 6(1)(a)): You explicitly agree when subscribing to receive AI news
• Contract Performance (Article 6(1)(b)): Processing necessary to deliver your paid subscription
• Legitimate Interests (Article 6(1)(f)): Service improvement and fraud prevention

3. Your GDPR Rights

3.1 Right to Access (Article 15)

You have the right to:

• Request a copy of all personal data we hold about you
• Understand how your data is processed
• Receive data in a structured, commonly used format

How to exercise: Email privacy@dailyainews.cloud with subject "GDPR Access Request"

3.2 Right to Rectification (Article 16)

You can request correction of:

• Inaccurate personal information
• Incomplete data
• Outdated email addresses or preferences

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your data when:

• Data is no longer necessary for its original purpose
• You withdraw consent for processing
• You object to processing and there are no overriding legitimate grounds
• Data was unlawfully processed

3.4 Right to Data Portability (Article 20)

You can:

• Receive your data in machine-readable format (JSON/CSV)
• Transfer data to another service provider
• Request direct transmission to another controller where feasible

3.5 Right to Object (Article 21)

You may object to:

• Processing based on legitimate interests
• Direct marketing (though we don't do marketing beyond our service)
• Profiling or automated decision-making

3.6 Right to Restriction (Article 18)

You can request we limit processing while:

• Verifying accuracy of contested data
• Processing is unlawful but you oppose erasure
• We no longer need data but you require it for legal claims

4. How We Protect Your Data

4.1 Technical Measures

• Encryption: SSL/TLS for data transmission, AES-256 for storage
• Access Controls: Role-based access, multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Backup Systems: Encrypted backups with geographic redundancy

4.2 Organizational Measures

• Data Protection Officer: Designated privacy contact
• Staff Training: GDPR awareness for all team members
• Privacy by Design: Data protection built into all systems
• Incident Response: 72-hour breach notification protocol

5. Data Processing Details

5.1 What Data We Collect

• Identity Data: Email address only
• Subscription Data: Delivery preferences, frequency, payment status
• Technical Data: IP address, device type, email client
• Usage Data: Email opens, link clicks (anonymized where possible)

5.2 How Long We Keep Data

• Active Subscriptions: Duration of subscription
• Cancelled Subscriptions: 90 days after cancellation
• Legal Requirements: Up to 7 years for financial records
• Analytics: Aggregated data retained indefinitely (anonymized)

5.3 International Data Transfers

Your data may be transferred outside the EU/EEA. We ensure protection through:

• Standard Contractual Clauses (SCCs): EU Commission approved contracts
• Adequacy Decisions: Transfers only to countries with adequate protection
• Data Processing Agreements: GDPR-compliant contracts with all processors

6. Third-Party Processors

We work with GDPR-compliant processors:

• Stripe (Payment): PCI-DSS compliant, SOC 2 certified
• Railway (Hosting): EU-US Data Privacy Framework participant
• Anthropic (AI): No personal data shared, article content only
• Email Provider: GDPR-compliant email delivery service

7. AI Processing & GDPR

Our AI-powered news curation complies with GDPR:

• No Profiling: AI analyzes articles, not user behavior
• No Automated Decisions: No automated decisions that significantly affect you
• Transparency: Clear explanation of AI curation methodology
• Data Separation: Personal data never sent to AI systems

8. Children's Data

We do not knowingly process data of individuals under 16 (GDPR age of consent). If we discover such data:

• Immediate deletion of all personal information
• Notification to the individual or guardian
• Review of verification processes

9. Data Breach Notification

In the unlikely event of a data breach:

• Supervisory Authority: Notified within 72 hours (GDPR Article 33)
• Affected Individuals: Direct notification if high risk to rights and freedoms
• Information Provided: Nature of breach, potential consequences, measures taken

10. How to Exercise Your Rights

Contact our Data Protection Officer:

• Email: dpo@dailyainews.cloud or privacy@dailyainews.cloud
• Subject Line: "GDPR Request - [Type of Request]"
• Required Info: Email address, nature of request, verification details
• Response Time: Within 30 days (extendable to 60 days for complex requests)

11. Right to Complain

You have the right to lodge a complaint with a supervisory authority:

• Your Country: Contact your national data protection authority
• Ireland (Our EU Representative): Data Protection Commission
• Website: https://edpb.europa.eu/about-edpb/about-edpb/members_en

12. Updates to This Policy

We review GDPR compliance regularly. Updates will be communicated via:

• Email to active subscribers
• Notice on our website
• Updated date at the top of this page