GDPR Compliance

Glass Notes is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

Our Commitment

As a Swedish company, Glass Notes is fully committed to GDPR compliance. We have implemented comprehensive data protection measures and transparent practices to ensure your rights are protected.

Your Rights

Right to Access

You have the right to request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data. You can delete your account and all associated data at any time through your account settings.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format. Glass Notes provides full data export functionality.

Right to Object

You have the right to object to processing of your personal data for direct marketing or based on legitimate interests.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain circumstances.

Data Protection

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

EU Data Residency

All data is stored and processed within the European Union.

Access Controls

Strict access controls ensure only authorized personnel can access data.

Audit Logging

All data access is comprehensively logged for security auditing.

Data Processing

Legal Basis for Processing

  • Contract: Processing necessary for providing our service to you
  • Consent: Processing based on your explicit consent (e.g., marketing)
  • Legitimate Interest: Processing for service improvement and security
  • Legal Obligation: Processing required by law

Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in our Privacy Policy. Specifically:

  • Account data: Retained while your account is active
  • Notes and content: Retained while your account is active
  • Deleted data: Permanently removed within 30 days
  • Backup data: Retained for up to 90 days for disaster recovery

Contact

For any GDPR-related inquiries or to exercise your rights, please contact us:

Get in touch