L
Constavita

Your GDPR Rights

Last updated: January 2025 · Applies to users in the European Economic Area (EEA), UK, and Switzerland

1. Data Controller

Constavita acts as the data controller for your personal data. For data-related inquiries, contact us at privacy@constavita.app.

2. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the service you signed up for.
  • Legitimate interests: Analytics and security monitoring to improve and protect our platform.
  • Legal obligation: Where required by applicable law.
  • Consent: For marketing communications (which you can withdraw at any time).

3. Your Rights Under GDPR

As an EEA/UK resident, you have the following rights:

Right of Access (Art. 15)

You can request a copy of all personal data we hold about you, including your account details, calculator history, and AI reflections.

How: Email privacy@constavita.app with subject: 'Data Access Request'

Right to Rectification (Art. 16)

You can correct inaccurate personal data. Most profile data can be updated directly in Settings.

How: Update in Settings or email privacy@constavita.app

Right to Erasure (Art. 17)

You can request deletion of all your personal data. You can do this via Settings → Data & Privacy → Delete Account.

How: Settings → Data & Privacy, or email privacy@constavita.app

Right to Restriction (Art. 18)

You can request that we restrict processing of your data in certain circumstances (e.g., while disputing accuracy).

How: Email privacy@constavita.app

Right to Data Portability (Art. 20)

You can request your personal data in a machine-readable format (JSON or CSV) to transfer to another service.

How: Email privacy@constavita.app with subject: 'Data Portability Request'

Right to Object (Art. 21)

You can object to processing based on legitimate interests at any time.

How: Email privacy@constavita.app

Right to Withdraw Consent

Where processing is based on consent (e.g., marketing), you can withdraw it at any time without affecting the lawfulness of prior processing.

How: Account settings or email privacy@constavita.app

4. Data Transfers

Our infrastructure uses providers with US-based servers (Vercel, OpenAI). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) as the legal transfer mechanism. OpenAI is subject to the EU-US Data Privacy Framework.

5. Response Times

We will respond to all data subject requests within 30 days. Complex requests may take up to 90 days; we will notify you if this is the case.

6. Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority. For UK residents: ICO (ico.org.uk). For EEA residents, contact your national supervisory authority.

7. Contact Our Data Protection Contact

Email: privacy@constavita.app
Subject line: “GDPR Request — [Your Right]”
We will verify your identity before processing your request.