GDPR Compliance

Your data, your rights.

We believe data protection is a fundamental right. SAAS.PROJECT is built with privacy by design and is fully compliant with the General Data Protection Regulation (GDPR).

Effective date: March 18, 2026 · Data Controller: UNTH.AI

Your Rights

Full control over your data

Under the GDPR, you have the following rights. We make it easy to exercise any of them.

Right to Access

Request a complete copy of all personal data we hold about you, in a readable format.

Email us with subject "GDPR Request: Access"

Right to Rectification

Correct any inaccurate or incomplete personal data we have on file about you.

Email us with subject "GDPR Request: Rectification"

Right to Erasure

Request the deletion of your personal data. We erase it within 30 days of your request.

Email us with subject "GDPR Request: Erasure"

Right to Portability

Export your data in a structured, machine-readable format (JSON) to take it elsewhere.

Email us with subject "GDPR Request: Portability"

Right to Restriction

Limit how we process your data while a dispute or request is being resolved.

Email us with subject "GDPR Request: Restriction"

Right to Object

Object to certain types of data processing, including profiling and direct marketing.

Email us with subject "GDPR Request: Object"

Right to Withdraw Consent

Withdraw your consent at any time for processing based on consent. No penalties, ever.

Email us with subject "GDPR Request: Withdraw Consent"

Legal Basis

Why we process your data

Every piece of data we process has a clear legal basis under the GDPR. We never collect data we do not need.

Contract

We process data necessary to provide you with the SAAS.PROJECT service. This includes your account information, integration configurations, and agent processing data. Without this processing, we cannot deliver the service you signed up for.

Legitimate Interest

We process anonymized usage analytics to improve the service, monitor for security threats, prevent fraud, and maintain system performance. We balance our interests against your rights and only process what is necessary.

Consent

We only send you marketing emails if you opt in. We use cookies for analytics and preferences only with your explicit consent. You can withdraw consent at any time through your account settings or by contacting us.


Data Processing

What data we process

A complete overview of the personal data we collect, why we collect it, and how long we keep it.

Data Type | Purpose | Legal Basis | Retention
Account data | Provide the service (name, email, password hash) | Contract | While active + 30 days
Usage analytics | Improve the service, monitor performance | Legitimate interest | 90 days (anonymized)
Integration data | AI agent processing (connected platform data) | Contract | Until disconnected
Payment data | Billing and invoicing (processed by Stripe) | Contract | As required by law
Cookies | Preferences and analytics | Consent | See cookie policy

Sub-processors

Third parties that process your data

We carefully vet every sub-processor. All operate under Standard Contractual Clauses (SCCs) to ensure your data is protected regardless of location.

  • Stripe · Payments · US / EU
  • Google Cloud · Infrastructure · EU / US
  • Anthropic · AI Processing · US
  • Google DeepMind · AI Processing · US
  • OpenAI · AI Processing (BYOK) · US

International Transfers

When your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with all sub-processors
  • Data Processing Agreements with all third parties
  • Regular assessment of transfer impact and adequacy
  • Encryption in transit and at rest for all personal data

Data Breach Protocol

In the unlikely event of a data breach, we follow a strict response protocol:

  • Notify affected users within 72 hours of discovery
  • Notify the relevant supervisory authority as required by law
  • Document all breaches with full incident timeline
  • Implement corrective measures to prevent recurrence

How to Exercise Your Rights

Exercising your GDPR rights is simple and free.

  • Email mathieu@unth.ai with subject "GDPR Request: [Right Name]"
  • We respond within 30 days of receiving your request
  • No fee for reasonable requests (we may charge for repetitive or unfounded requests)
  • We may ask for identity verification to protect your data

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

  • Contact your local Data Protection Authority (DPA) directly
  • EU residents: find your DPA at edpb.europa.eu
  • We will cooperate fully with any supervisory authority investigation

Questions about your data?

Our Data Protection Officer is here to help with any privacy or GDPR-related questions.

Data Protection Officer: mathieu@unth.ai
UNTH.AI · Bangkok, Thailand