GDPR Compliance

GoViralPro is committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy rights of all individuals in the European Economic Area (EEA) and beyond.

1. Data Controller Information

Company Name: GoViralPro Inc.
Address: 123 Marketing Street, Suite 400, San Francisco, CA 94105, USA
Email: [email protected]
Data Protection Officer: [email protected]

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our services as agreed in our Terms of Service
• Legitimate Interest: To improve our platform, prevent fraud, and ensure security
• Consent: For marketing communications and optional features (you can withdraw consent anytime)
• Legal Obligation: To comply with applicable laws and regulations

3. Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data. We make it easy for you to exercise these rights.

4. Data We Collect

4.1 Account Data

• Name and email address
• Password (encrypted)
• Account preferences and settings

4.2 Campaign Data

• Campaign content and settings
• Participant information (names and emails collected through your campaigns)
• Referral tracking data

4.3 Usage Data

• IP address and device information
• Browser type and version
• Pages visited and actions taken
• Cookies and tracking technologies

4.4 Payment Data

• Billing information (processed securely by Stripe)
• Transaction history

5. How We Use Your Data

We process your data only for legitimate, specified purposes:

• Providing and improving our platform services
• Processing payments and managing subscriptions
• Sending transactional emails (campaign notifications, receipts)
• Analyzing platform usage to enhance user experience
• Preventing fraud and ensuring platform security
• Complying with legal obligations
• Marketing communications (with your explicit consent)

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined above:

• Account Data: Retained while your account is active plus 90 days after deletion
• Campaign Data: Retained for 2 years after campaign end or as required by law
• Usage Data: Retained for 13 months
• Financial Records: Retained for 7 years (legal requirement)

7. International Data Transfers

Our servers are located in the United States. If you're located in the EEA, your data will be transferred outside the EEA. We ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all third-party processors
• Regular security audits and compliance reviews

8. Third-Party Data Processors

We share data only with trusted processors who comply with GDPR:

• Stripe: Payment processing (PCI-DSS compliant)
• Email Service Providers: Transactional email delivery
• Cloud Hosting: Secure data storage and platform hosting
• Analytics Services: Usage tracking and performance monitoring

All processors are bound by Data Processing Agreements (DPAs) that meet GDPR requirements.

9. Cookies and Tracking

We use cookies to enhance your experience. You can control cookie preferences through your browser settings. Our cookie usage:

• Essential Cookies: Required for platform functionality (cannot be disabled)
• Analytics Cookies: Help us understand usage patterns (optional)
• Marketing Cookies: Used for targeted advertising (requires consent)

10. Data Security

We implement robust security measures:

• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Multi-factor authentication support
• Access controls and role-based permissions
• 24/7 security monitoring

11. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide details about the breach and our response measures
• Take immediate action to mitigate risks

12. Children's Privacy

Our platform is not intended for individuals under 18. We do not knowingly collect data from children. If we discover we've collected data from a child, we will delete it immediately.

13. Exercising Your Rights

To exercise any of your GDPR rights, use the form below or contact our Data Protection Officer directly. We will respond within 30 days.

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we've violated GDPR. However, we encourage you to contact us first so we can address your concerns directly.

15. Updates to This Policy

We may update this GDPR compliance statement periodically. Material changes will be communicated via email. Your continued use after changes constitutes acceptance.