GDPR Compliance

General Data Protection Regulation (GDPR)

We are committed to full compliance with the GDPR and ensuring your data protection rights are respected and easily exercisable.

Our GDPR Commitment

Projektify is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. We recognize the importance of protecting personal data and have implemented comprehensive measures to ensure we meet all GDPR requirements.

This page outlines your rights under GDPR and how we help you exercise them. For more detailed information about our data practices, please see our Privacy Policy.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Consent: When you explicitly consent to data processing (e.g., marketing communications)
Contract Performance: To fulfill our contractual obligations and provide our services
Legal Obligation: To comply with applicable laws and regulations
Legitimate Interests: For business operations, security, and service improvement (balanced with your rights)

Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data along with information about how it's being used.

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when it's no longer necessary, you withdraw consent, or it's been unlawfully processed.

4. Right to Restrict Processing (Article 18)

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

6. Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7. Right to Withdraw Consent (Article 7)

When processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Contact us at hello@xcdify.com
Use our contact form at /request-demo
Access your account settings to manage certain data directly

We will respond to your request within 30 days (or inform you if we need more time). We may need to verify your identity before processing certain requests to protect your privacy.

Data Processing Agreements (DPAs)

For enterprise customers, we offer Data Processing Agreements (DPAs) that comply with GDPR Article 28. Our DPAs include:

Clear definition of processing activities
Security measures and technical safeguards
Sub-processor information and approval processes
Data breach notification procedures
Assistance with data subject rights requests
Data retention and deletion obligations

To request a DPA, please contact us at hello@xcdify.com.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

Account Data: Retained while your account is active and for 30 days after deletion
Project Data: Retained while your account is active, accessible for 30 days after account deletion
Marketing Data: Retained until you unsubscribe or withdraw consent
Legal Records: Retained as required by applicable laws (e.g., tax records for 7 years)

After the retention period, data is securely deleted or anonymized in accordance with GDPR requirements.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other appropriate safeguards as required by GDPR Chapter V

We maintain a list of sub-processors and their locations. Contact us for more information about our data transfer safeguards.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and 34.

Our breach notification will include:

Nature of the breach
Categories and approximate number of data subjects affected
Likely consequences of the breach
Measures taken or proposed to address the breach

Privacy by Design & Default

We implement Privacy by Design and Privacy by Default principles (GDPR Article 25):

Data minimization: We only collect data necessary for our services
Purpose limitation: Data is used only for specified, explicit purposes
Storage limitation: Data is kept only as long as necessary
Security measures: Technical and organizational measures are built into our systems
Default privacy settings: Privacy-friendly defaults are applied

Contact Us

For GDPR-related inquiries, to exercise your rights, or to report a concern, please contact us:

Email: hello@xcdify.com

Legal Inquiries: hello@xcdify.com

Contact Form: request-demo

You also have the right to contact your local data protection authority if you have concerns about how we handle your data.

Last updated: November 21, 2025