
Data Protection
EU GDPR Compliance
This page is maintained by UMBRELLA to explain how our services align with the EU General Data Protection Regulation (Regulation (EU) 2016/679).
Lawful basis and purpose limitation
UMBRELLA collects personal data only for legitimate cybersecurity, contractual, and legal purposes stated at the point of collection. We do not sell personal data and do not repurpose it for unrelated activities without a fresh lawful basis.
Data subject rights
Individuals located in the EU/EEA may exercise rights of access, rectification, erasure, restriction, portability, and objection. Requests can be sent to contact@umbrellabd.app and are answered within 30 days.
Security of processing (Art. 32)
Our measures include encryption in transit (TLS 1.2+), role-based access, least-privilege service accounts, hardened logging, and periodic vulnerability assessment. Findings from our own security scans are remediated under an internal SLA.
International transfers
Where personal data leaves the EU/EEA, transfers rely on adequacy decisions or Standard Contractual Clauses (SCCs) plus additional safeguards where required.
Records, retention & sub-processors
We maintain a Record of Processing Activities (RoPA), a retention schedule tied to processing purpose, and a sub-processor list available on request under NDA.
Contact — Data Protection Point of Contact
For GDPR inquiries, data subject requests, or DPA execution, contact contact@umbrellabd.app.
