GDPR Policy

GDPR Privacy Policy

General Data Protection Regulation compliance

This GDPR Privacy Policy explains how CoolPosts collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).

Data Controller

CoolPosts is the data controller for your personal information.

Contact: privacy@{{ config('app.domain') }}

Personal Data We Collect

Account Information

  • Name and email address
  • Account preferences and settings
  • Payment information (encrypted)
  • Profile information

Usage Data

  • Link clicks and analytics
  • Device and browser information
  • IP address and location data
  • Session and interaction data

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent

You have given clear consent for us to process your personal data for specific purposes.

Contract

Processing is necessary for the performance of our service agreement with you.

Legitimate Interest

Processing is necessary for our legitimate interests, such as improving our services.

Legal Obligation

Processing is necessary for compliance with legal obligations.

Your Rights Under GDPR

Access & Portability

  • Right to access your personal data
  • Right to data portability
  • Right to know how we process your data
  • Right to receive a copy of your data

Control & Correction

  • Right to rectify inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to object to processing

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Account Data

Retained while your account is active and for 30 days after deletion

Analytics Data

Retained for 2 years for service improvement purposes

Payment Data

Retained for 7 years for legal and tax compliance

Log Data

Retained for 90 days for security and troubleshooting

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

  • Encryption in transit and at rest
  • Secure data centers
  • Regular security audits
  • Access controls and authentication

Organizational Measures

  • Employee training on data protection
  • Data protection policies
  • Incident response procedures
  • Regular policy reviews

Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA):

International Transfers

  • We ensure adequate protection through Standard Contractual Clauses
  • Transfers only to countries with adequate data protection laws
  • Third-party processors are bound by data protection agreements
  • You can request information about specific transfers

Exercising Your Rights

To exercise your GDPR rights, please contact us:

Data Protection Officer

dpo@{{ config('app.domain') }}

For GDPR-specific inquiries

Privacy Team

privacy@{{ config('app.domain') }}

For general privacy questions

Response Time

  • We will respond to your request within 30 days
  • Complex requests may take up to 60 days
  • We will notify you if we need additional time
  • No fee for reasonable requests

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately.

Contact Your Authority

Find your local data protection authority at: European Data Protection Board

Updates to This Policy

We may update this GDPR Privacy Policy from time to time. We will notify you of any material changes by email or through our website.

Last Updated

This policy was last updated on January 10, 2026