GDPR Compliance
General Data Protection Regulation Information
Our Commitment to GDPR
MAIASS is committed to complying with the EU General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union. This page explains how we handle your data rights under GDPR.
Lawful Basis for Processing
Anonymous CLI Users
Legitimate Interest (Article 6(1)(f))
- Machine fingerprinting for quota enforcement and abuse prevention
- Service optimization and performance monitoring
- Technical error logging for service improvement
Team Account Users
Contract Performance (Article 6(1)(b))
- Account management and service delivery
- Billing and subscription management
- Customer support and technical assistance
Consent (Article 6(1)(a))
- Marketing communications (optional)
- Optional feature usage analytics
- Newsletter subscriptions
Your Rights Under GDPR
Right to Information (Articles 13-14)
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and access to that data, including:
- What personal data we hold about you
- How we use your data
- Who we share your data with
- How long we keep your data
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed.
Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to have your personal data erased in certain circumstances:
- The data is no longer necessary for the original purpose
- You withdraw consent (where consent was the lawful basis)
- The data has been unlawfully processed
- Erasure is required for compliance with legal obligations
Right to Restrict Processing (Article 18)
You have the right to restrict the processing of your personal data in certain situations:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You object to processing while verification is pending
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
Rights Related to Automated Decision Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing. Note: MAIASS uses AI for content generation, but final decisions about using generated content remain with you.
How to Exercise Your Rights
For Anonymous CLI Users
Since anonymous usage involves minimal personal data collection through machine fingerprinting only:
- Access: Contact us with your machine fingerprint information
- Erasure: Uninstall the CLI and request fingerprint deletion
- Portability: Limited data available for export
For Team Account Users
Submit requests through:
- Account Dashboard: Self-service options for data export and deletion
- Email: [email protected] with subject "GDPR Rights Request"
- Support Portal: Submit a ticket through the authenticated support system
Required Information for Requests
To verify your identity and process your request, please provide:
- Your name and email address (for team accounts)
- Description of the specific right you want to exercise
- Relevant account or service identifiers
- Any additional information needed to locate your data
Response Timeline
We will respond to your GDPR requests:
- Acknowledgment: Within 72 hours of receipt
- Full response: Within 30 days (may extend to 60 days for complex requests)
- Urgent requests: Prioritized based on legal requirements
Data Processing Activities
Personal Data We Process
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Machine Fingerprint | Quota enforcement, abuse prevention | Legitimate Interest | 12 months |
| Email Address | Account management, authentication | Contract Performance | Account lifetime + 90 days |
| Usage Metrics | Service optimization, billing | Legitimate Interest / Contract | 36 months |
| Payment Data | Transaction processing | Contract Performance | 7 years (legal requirement) |
International Data Transfers
We may transfer your personal data outside the EU to:
- OpenAI (US): For AI content generation - adequacy decision pending
- Cloudflare (US): For infrastructure - Standard Contractual Clauses
- Stripe (US): For payment processing - adequacy decision pending
All transfers are protected by appropriate safeguards including Standard Contractual Clauses and adequacy decisions where available.
Data Protection Officer
For questions about GDPR compliance or to exercise your rights, contact our Data Protection Officer:
- Email: [email protected]
- Subject line: GDPR Inquiry
- Response time: Within 72 hours
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can contact:
- Your local data protection authority in the EU
- The Information Commissioner's Office (ICO) in the UK
- The data protection authority in the country where the alleged infringement occurred
Privacy-First Design
MAIASS was designed with GDPR principles in mind from the ground up. Our anonymous-first approach minimizes personal data collection, and our transparent policies ensure you always know how your data is being used.