GDPR Compliance

Your data protection rights under the General Data Protection Regulation (GDPR) and how we protect your privacy.

Last updated: October 21, 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU residents control over their personal data and simplifies the regulatory environment for international business.

Key Principles

  • Lawfulness: Data processing must have a legal basis
  • Transparency: Clear information about data processing
  • Purpose limitation: Data collected for specific purposes only
  • Data minimization: Only necessary data is collected
  • Accuracy: Data must be kept accurate and up-to-date
  • Security: Appropriate security measures must be in place

Your Rights Under GDPR

Right to Information

  • Know what personal data we collect about you
  • Understand how and why we process your data
  • Know who we share your data with
  • Understand how long we keep your data

Right to Access

  • Request a copy of your personal data
  • Know the source of your data
  • Understand the logic behind automated decisions
  • Know about any data transfers

Right to Rectification

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information

Right to Erasure

  • Request deletion of your personal data
  • "Right to be forgotten" in certain circumstances
  • Data must be deleted when no longer necessary

Right to Data Portability

  • Receive your data in a structured format
  • Transfer your data to another service
  • Data must be provided free of charge

Right to Object

  • Object to processing of your personal data
  • Object to direct marketing
  • Object to automated decision-making

How We Process Your Data

Legal Basis for Processing

  • Consent: You have given clear consent
  • Contract: Processing is necessary for our service
  • Legitimate Interest: Processing is in our legitimate interest
  • Legal Obligation: Required by law

Data Processing Activities

  • Account creation and management
  • AI slideshow generation
  • TikTok content posting
  • Payment processing
  • Customer support
  • Service improvement and analytics

Data Retention

  • Account data: Until account deletion
  • Content: Until you delete it or close your account
  • Payment data: As required by law (typically 7 years)
  • Analytics: Anonymized after 2 years

Data Security Measures

Technical Safeguards

  • End-to-end encryption for data in transit
  • AES-256 encryption for data at rest
  • Secure HTTPS connections throughout
  • Regular security audits and penetration testing
  • Multi-factor authentication for accounts

Organizational Measures

  • Employee training on data protection
  • Access controls and role-based permissions
  • Regular security policy reviews
  • Incident response procedures
  • Data protection impact assessments

Third-Party Security

  • All third-party providers are GDPR compliant
  • Data processing agreements in place
  • Regular security assessments of partners
  • Limited data sharing to essential services only

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure these transfers comply with GDPR requirements.

Transfer Safeguards

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Privacy Shield certification (where applicable)

Countries We Transfer Data To

  • United States (with appropriate safeguards)
  • United Kingdom (adequacy decision)
  • Canada (adequacy decision)
  • Other countries with approved safeguards

Exercising Your Rights

How to Make Requests

  • Email: privacy@goreel.com
  • Subject Line: "GDPR Rights Request"
  • Include your account email address
  • Specify which right you want to exercise

Response Timeline

  • We will respond within 30 days
  • Complex requests may take up to 90 days
  • We will inform you of any delays
  • No fee for reasonable requests

Verification Process

  • We may need to verify your identity
  • Additional information may be requested
  • This protects your data from unauthorized access
  • We will explain any verification requirements

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and handle data protection matters.

Contact Information

  • Email: dpo@goreel.com
  • Subject Line: "DPO Inquiry"
  • Response Time: Within 48 hours

DPO Responsibilities

  • Monitor GDPR compliance
  • Provide data protection advice
  • Handle data subject requests
  • Liaise with supervisory authorities
  • Conduct privacy impact assessments

Supervisory Authority

If you believe we have not addressed your GDPR rights properly, you have the right to lodge a complaint with your local data protection supervisory authority.

How to File a Complaint

  • Contact your local data protection authority
  • Provide details of your concern
  • Include any correspondence with us
  • The authority will investigate your complaint

Our Commitment

  • We will cooperate with any investigation
  • We take all complaints seriously
  • We will work to resolve issues promptly
  • We welcome feedback to improve our practices