GDPR Compliance
Personal data protection policy in accordance with the EU General Data Protection Regulation (GDPR)
GDPR General Provisions
SmartGeniusAI fully complies with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which came into effect on May 25, 2018.
This document describes how we meet GDPR requirements for users from the European Union.
Our Approach to GDPR:
- Privacy by Design and Privacy by Default principles
- Transparency in data processing
- Minimization of collected data
- Ensuring data subject rights
- Secure data storage and transfer
Data Processing Principles
Lawfulness, Fairness, and Transparency
We process data only on lawful bases: with your consent, for contract performance, or based on legitimate interests.
Purpose Limitation
Data is collected only for specific, explicit, and legitimate purposes stated in the Privacy Policy.
Data Minimization
We collect only the data necessary for providing the requested services.
Accuracy
We take reasonable steps to ensure data accuracy and timely updates.
Storage Limitation
Data is stored no longer than necessary for processing purposes (max. 2 hours for images).
Integrity and Confidentiality
Data is protected against unauthorized processing, loss, damage, or destruction.
Data Subject Rights
Right of Access
You can request information about what data of yours we process
Right to Rectification
You can correct inaccurate or incomplete personal data
Right to Erasure
You can request deletion of your data ("right to be forgotten")
Right to Restriction
You can restrict processing of your data in certain cases
Right to Data Portability
You can receive your data in a structured format
Right to Object
You can object to data processing based on legitimate interests
To exercise your GDPR rights:
Submit a GDPR Request
International Data Transfers
Processing via Replicate API:
To perform AI image processing operations, we transfer data to the Replicate API service. This transfer is based on Standard Contractual Clauses (SCC).
Protection guarantees during transfer:
- Data encryption during transfer (TLS 1.2+)
- Data protection agreements with providers
- Restricted data access for employees
- Regular security audits
Breach Notification
Personal Data Breach Notification Protocol
In case of a personal data protection breach, we commit to:
- Notify the supervisory authority within 72 hours
- Inform data subjects if the breach poses high risk to their rights
- Document all breaches and measures taken
- Take immediate actions to eliminate the breach
DPO and Contact Information
Data Protection Specialist:
In accordance with Article 37 of GDPR, considering the nature and scale of our activities, the appointment of an official DPO (Data Protection Officer) is not mandatory.
Country: Ukraine
Legal Basis for Processing
| Processing Type | GDPR Legal Basis | Processing Purpose |
|---|---|---|
| Image processing | Contract performance (Art. 6(1)(b)) | Provision of requested services |
| Email storage | Consent (Art. 6(1)(a)) | Sending notifications and responses |
| Google Analytics | Legitimate interests (Art. 6(1)(f)) | Service improvement |
| Server logs | Legitimate interests (Art. 6(1)(f)) | Security and fraud prevention |
Updates and Compliance
Current Compliance Status:
SmartGeniusAI fully complies with GDPR requirements. We regularly review our policies and procedures to ensure ongoing compliance.
Our data protection system is built on Privacy by Design and Privacy by Default principles.