GDPR compliance and your rights
Dailybot acts as a processor for much of the customer content your organization enters, and as a controller for account, billing, and service operations data. This reference summarizes common GDPR data subject rights and how to exercise them. Binding detail lives in the Privacy Policy and your Data Processing Agreement (DPA).
Compliance posture (summary)
- Lawful bases: Processing is described in the Privacy Policy (contract performance, legitimate interests, consent where required).
- Subprocessors: Listed or linked from legal documentation; review before enterprise procurement.
- Transfers: Governed by appropriate safeguards (for example Standard Contractual Clauses) where data leaves the EEA or UK, as stated in legal docs.
- Security: Technical and organizational measures are summarized publicly; deeper assurance may appear in security questionnaires for enterprise customers.
Data subject rights — how to exercise each
| Right | What it covers | How to exercise it |
|---|---|---|
| Access | Copy of personal data we hold about you | Request via privacy or support email listed in the Privacy Policy; include verifying details. |
| Rectification | Correct inaccurate profile or billing details | Update in Profile / Billing settings where self-service exists; otherwise email support. |
| Erasure | Delete personal data when no overriding ground applies | Follow Requesting data deletion and include jurisdiction. |
| Restriction | Pause certain processing while a dispute is reviewed | Email support with the scope you want restricted and legal basis for the request. |
| Portability | Machine-readable export of data you provided | Ask support for export format availability; some product areas may export via UI. |
| Object | Object to processing based on legitimate interests | Email support referencing the specific processing and your objection grounds. |
| Withdraw consent | Where processing relied on consent | Use in-product toggles if offered, or email to revoke marketing or optional analytics consent. |
Response timelines and identity verification steps follow GDPR practice (typically within one month, extendable for complex requests). Org admins should coordinate with legal before making requests that affect whole teams.
DPA availability
Customers who need a signed Data Processing Agreement should download the standard DPA from Dailybot’s legal pages or request an enterprise copy through sales or support. Executed DPAs govern processor obligations for your org’s use of the service.