GDPR Compliance

Your data protection rights and our compliance commitment

Last updated: January 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives individuals in the European Union (EU) greater control over their personal data and how it's processed.

Our Commitment: Social Artisan (operated by jiuyiai) is fully committed to GDPR compliance and protecting your privacy rights, regardless of your location.

Your Rights Under GDPR

Right to Information

You have the right to know what personal data we collect, why we collect it, and how we use it.

How we comply: Our Privacy Policy provides clear, detailed information about our data practices.

Right of Access

You can request a copy of all personal data we hold about you.

How to request: Email permamindai@gmail.com with "Data Access Request" in the subject line.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

How to request: Update your profile in your account settings or contact us directly.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data under certain circumstances.

How to request: Email permamindai@gmail.com with "Data Deletion Request" in the subject line.

Right to Restrict Processing

You can request that we limit how we process your personal data.

When applicable: When you contest data accuracy, object to processing, or need data for legal claims.

Right to Data Portability

You can request your personal data in a portable format to transfer to another service.

Format: We provide data in JSON format, which is machine-readable and portable.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Note: We don't use your data for direct marketing, but you can object to analytics processing.

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. Here are the legal bases we rely on:

📋 Contract Performance (Article 6(1)(b))

Processing necessary to provide our AI content generation service, manage your account, and process payments.

⚖️ Legitimate Interests (Article 6(1)(f))

Improving our service, analytics, security, and fraud prevention (balanced against your rights).

✅ Consent (Article 6(1)(a))

Optional features like marketing communications (you can withdraw consent at any time).

📜 Legal Obligation (Article 6(1)(c))

Compliance with tax laws, payment regulations, and law enforcement requests.

Data Protection Measures

We implement comprehensive technical and organizational measures to protect your data:

🔒 Technical Measures

  • • End-to-end encryption (TLS 1.3)
  • • Database encryption at rest (AES-256)
  • • Regular security audits and updates
  • • Access controls and authentication
  • • Automated backup systems

👥 Organizational Measures

  • • Staff training on data protection
  • • Data processing agreements with vendors
  • • Privacy by design principles
  • • Regular compliance reviews
  • • Incident response procedures

International Data Transfers

Your data may be processed outside the EU. We ensure adequate protection through:

Standard Contractual Clauses (SCCs)

EU-approved contracts ensuring GDPR-level protection

Adequacy Decisions

Transfers to countries with EU-recognized data protection

Binding Corporate Rules

For multinational service providers with internal data protection rules

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

1

We will notify the relevant supervisory authority within 72 hours

2

We will notify affected users without undue delay

3

We will provide clear information about the breach and recommended actions

How to Exercise Your Rights

📧 Contact Information

Data Protection Officer: permamindai@gmail.com

Response Time: Within 30 days (may be extended to 60 days for complex requests)

📝 What to Include in Your Request

  • • Your full name and email address associated with your account
  • • Clear description of your request
  • • Proof of identity (if required for security)
  • • Specific data or processing you're concerned about

⚡ Free of Charge

Exercising your GDPR rights is free of charge. We may charge a reasonable fee for excessive or repetitive requests.

Supervisory Authority

If you're not satisfied with how we handle your data protection request, you have the right to lodge a complaint with a supervisory authority.

🏛️ Your Rights

  • • Contact your local data protection authority
  • • File a complaint about our data processing
  • • Seek legal remedies if your rights are violated
  • • Receive compensation for damages (where applicable)

Contact Us First: We encourage you to contact us directly before filing a complaint. We're committed to resolving any data protection concerns promptly and fairly.