GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: January 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU.

As an open-source AI Sales Chatbot, iHeard.ai is committed to full GDPR compliance and protecting your data protection rights. Our transparent approach means you can review our data handling practices in our open-source codebase.

This page outlines your rights under GDPR and how we ensure compliance with these regulations.

Your GDPR Rights

Right of Access

You have the right to request access to the personal data we hold about you.

We will provide you with a copy of your personal data within 30 days of your request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

We will correct any errors in your personal data upon your request.

Right to Erasure

You have the right to request deletion of your personal data.

We will delete your personal data unless we have a legal obligation to retain it.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data.

We will limit how we use your data while we investigate your concerns.

Right to Data Portability

You have the right to receive your personal data in a portable format.

We will provide your data in a commonly used, machine-readable format.

Right to Object

You have the right to object to processing of your personal data.

We will stop processing your data unless we have compelling legitimate grounds.

How We Process Your Data

Legal Basis for Processing

  • Consent: When you explicitly agree to data processing
  • Contract: To fulfill our service obligations
  • Legitimate Interest: To improve our services and security
  • Legal Obligation: To comply with applicable laws

Data Retention

  • Account data: Until account deletion
  • Usage data: 2 years for analytics
  • Chat logs: 1 year for service improvement
  • Legal records: As required by law

Data Security Measures

Technical Safeguards

  • End-to-end encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for admin access

Organizational Measures

  • Data protection impact assessments
  • Staff training on data protection
  • Incident response procedures
  • Regular compliance reviews

International Data Transfers

As an open-source project, iHeard.ai may transfer data internationally. We ensure all international transfers comply with GDPR requirements through:

  • Adequacy Decisions: Transfers to countries with adequate data protection standards
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Self-Hosting: Complete control over data location when self-hosting

Exercising Your Rights

To exercise your GDPR rights, you can contact us through any of the following methods:

Contact Methods

  • Email: gdpr@iheard.ai
  • GitHub Issues: For technical questions
  • Postal Address: Available upon request

Response Time

  • Initial response: Within 7 days
  • Full resolution: Within 30 days
  • Extension notice: If more time is needed

Open Source Transparency

Our commitment to GDPR compliance is enhanced by our open-source nature. You can:

• Review our data processing code in the GitHub repository

• Verify our security implementations firsthand

• Self-host for complete control over data processing

• Contribute to improving our data protection practices

• Audit our compliance measures independently

Contact Our Data Protection Officer

For GDPR-related inquiries or to exercise your data protection rights:

Email: dpo@iheard.ai

GitHub: github.com/SankaiAI/iHeard.ai

You also have the right to lodge a complaint with your local data protection authority.