GDPR Compliance
Effective Date: 03/02/2025
1. Introduction
At TailorFlow AI, we are committed to complying with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA). This policy outlines how we collect, store, process, and protect personal data in compliance with GDPR requirements.
By using our website and services, you agree to the collection and processing of your data in accordance with this GDPR Compliance Policy.
2. Principles of GDPR Compliance
We adhere to the following GDPR principles when handling personal data:
- Lawfulness, Fairness, and Transparency: We collect and process personal data lawfully and transparently.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
- Data Minimization: We collect only the data necessary for the intended purpose.
- Accuracy: We take steps to ensure personal data remains accurate and up to date.
- Storage Limitation: Data is retained only as long as necessary for its intended use.
- Integrity and Confidentiality: We implement security measures to protect personal data from unauthorized access or breaches.
3. What Data We Collect
We collect and process personal data, including:
- Contact Information: Name, email address, phone number, job title, and company name.
- Technical Data: IP address, device information, browser type, and website usage analytics.
- Business Information: Data provided for AI-driven automation, workflow optimization, or consultation requests.
- Communication Records: Emails, messages, and other correspondence related to our services.
4. How We Use Personal Data
We process personal data for the following purposes:
- To Provide Services: Deliver AI-powered solutions and respond to customer inquiries.
- To Improve Our Offerings: Analyze website usage to enhance user experience.
- To Comply with Legal Obligations: Ensure regulatory compliance and fulfill contractual agreements.
- For Marketing and Communication: Send relevant updates and promotional content (with user consent).
5. Lawful Basis for Processing Personal Data
Under GDPR, we process personal data based on the following legal grounds:
- Consent: When users explicitly agree to data processing (e.g., subscribing to newsletters).
- Contractual Necessity: When processing is required to fulfill a contract with a customer.
- Legitimate Interest: When processing is necessary for business operations, provided it does not override user rights.
- Legal Obligation: When required to comply with laws and regulatory requirements.
6. Data Subject Rights Under GDPR
Individuals in the EEA have the following rights concerning their personal data:
- Right to Access: Request details of the personal data we hold.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Erasure (Right to Be Forgotten): Request deletion of personal data under certain conditions.
- Right to Restriction of Processing: Limit how we process personal data.
- Right to Data Portability: Request to receive personal data in a structured format.
- Right to Object: Object to data processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Revoke consent for data processing at any time.
To exercise these rights, contact us at [Insert Contact Email]. We will respond within one month as required by GDPR.
7. Data Security Measures
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, or loss. These include:
- Encryption of data in transit and at rest.
- Access control measures to restrict unauthorized data access.
- Regular security audits and risk assessments.
- Employee training on data protection and GDPR compliance.
8. Data Retention Policy
We retain personal data only as long as necessary to fulfill its intended purpose or comply with legal obligations. Once data is no longer required, we securely delete or anonymize it.
9. International Data Transfers
If we transfer personal data outside the EEA, we ensure appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions for countries with strong data protection laws.
- Other legally recognized mechanisms for secure data transfer.
10. Updates to This GDPR Compliance Policy
We may update this policy to reflect changes in legal requirements or business practices. Any updates will be posted on this page with a revised "Effective Date."
11. Contact Us
If you have any questions about this GDPR Compliance Policy or wish to exercise your data protection rights, contact us:
Email: ekansh@tailorflowai.com
Website: https://www.tailorflowai.com/