Data Protection

EU GDPR Compliance

This page is maintained by UMBRELLA to explain how our services align with the EU General Data Protection Regulation (Regulation (EU) 2016/679).

Not an independent certification. The GDPR does not issue a formal certification for organizations; this page describes UMBRELLA's operational alignment with GDPR principles as a data processor / controller for its own services.

Lawful basis and purpose limitation

UMBRELLA collects personal data only for legitimate cybersecurity, contractual, and legal purposes stated at the point of collection. We do not sell personal data and do not repurpose it for unrelated activities without a fresh lawful basis.

Data subject rights

Individuals located in the EU/EEA may exercise rights of access, rectification, erasure, restriction, portability, and objection. Requests can be sent to contact@umbrellabd.app and are answered within 30 days.

Security of processing (Art. 32)

Technical and organizational measures include encryption in transit (TLS 1.2+), role-based access control, least-privilege service accounts, hardened logging, and periodic vulnerability assessment. Findings from our own security scans are remediated under an internal SLA.

International transfers

Where personal data leaves the EU/EEA, transfers rely on adequacy decisions or Standard Contractual Clauses (SCCs) plus additional safeguards where required.

Records, retention & sub-processors

We maintain a Record of Processing Activities (RoPA), a retention schedule tied to processing purpose, and a subprocessor list available on request under NDA.

Contact — Data Protection Point of Contact

For GDPR inquiries, data subject requests, or DPA execution, contact contact@umbrellabd.app.