GDPR Compliance
This page summarises how GesiMuse implements Regulation (EU) 2016/679. The full detail is in the Privacy Policy.
Roles
[COMPANY NAME] is the data controller. Supabase, Vercel, Cloudflare and Mollie act as processors or independent controllers (payments) under written agreements.
Principles we apply
- Data minimisation — contact numbers are optional on your profile and only required on ads you choose to publish.
- Storage limitation — retention periods are defined per data category in the Privacy Policy.
- Integrity & confidentiality — TLS everywhere, row-level security on the database, original photos in a private bucket, service keys restricted to server code.
- Accountability — records of processing activities and a credit/payment audit ledger are maintained.
Exercising your rights
Send requests to [SUPPORT EMAIL] with the subject “GDPR request”. We answer within one month (Art. 12(3)). Identity verification may be required. Erasure removes your profile, ads, photos (public and original), and reviews you wrote; payment records are retained only as long as tax law requires.
Data breaches
Breaches likely to result in a risk to your rights are notified to the supervisory authority within 72 hours and, where the risk is high, to you directly (Art. 33–34).