GDPR Compliance

How Bulbie handles data under the General Data Protection Regulation

Overview

The General Data Protection Regulation (GDPR) is a European Union law that governs how personal data is collected, stored, and used. This page explains how Bulbie complies with the GDPR.

Data Controller

For users in the European Economic Area (EEA), Bulbie acts as the data controller for your personal data. You can contact us at privacy@bulbie.app for any GDPR-related queries.

Legal Basis for Processing

We process your data on the following legal bases:

  • Contract — processing your account data to deliver the service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, product analytics
  • Legal obligation — compliance with applicable laws
  • Consent — marketing communications (only if you have opted in)

Your Rights Under the GDPR

If you are located in the EEA you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — ask us to delete your data ("right to be forgotten")
  • Right to restriction — restrict how we process your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Rights related to automated decision-making — Bulbie does not make solely automated decisions that significantly affect you

To exercise any of these rights, email privacy@bulbie.app. We will respond within 30 days.

Data Transfers

Some of our sub-processors (such as Cloudflare and Stripe) may process data outside the EEA. Where this occurs, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure your data is protected.

Data Retention

We retain your personal data for as long as your account is active. When you delete your account, your personal data is purged within 30 days. Anonymised usage statistics may be retained longer.

Sub-processors

We use the following sub-processors that may handle personal data:

  • Stripe (payment processing)
  • Cloudflare (CDN and file storage)
  • OpenAI (AI features — message content may be processed)
  • Google (Calendar integration, OAuth)
  • Firebase (mobile push notifications)
  • Slack (Slack integration)

Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ICO).

Contact

For all GDPR-related requests: privacy@bulbie.app