GDPR Compliance

Last updated: 31 October 2025

feedgot is committed to protecting Personal Data and complying with the EU General Data Protection Regulation (GDPR). This page summarizes our practices as controller and processor, our lawful bases, your rights, and key safeguards.

Roles and Responsibilities

Data Controller

feedgot acts as the data controller for Personal Data that we collect and process for our own purposes, including:

  • Account Management: User registration, authentication, profile management, and account settings
  • Billing and Payments: Subscription management, payment processing, invoicing, and financial records
  • Customer Support: Technical assistance, troubleshooting, service requests, and communication
  • Product Analytics: Service usage patterns, feature adoption, performance monitoring, and user experience optimization
  • Marketing Communications: Product updates, newsletters, and promotional materials (with consent where required)
  • Security and Fraud Prevention: Authentication, access control, threat detection, and abuse prevention

Data Processor

feedgot acts as a data processor when handling Customer Data that you submit to or generate within our Service. In this capacity, we process data solely on your instructions and in accordance with our Data Processing Addendum (DPA), which incorporates:

  • Processing Instructions: Specific purposes and methods for data processing as directed by you
  • Data Subject Rights: Mechanisms to facilitate access, correction, deletion, and portability requests
  • Security Requirements: Technical and organizational measures to protect Customer Data
  • Sub-processor Management: Vetting, contracting, and oversight of third-party processors
  • Incident Response: Breach notification procedures and remediation protocols
  • Audit and Compliance: Cooperation with data protection assessments and regulatory inquiries

Our DPA is automatically incorporated into our service agreements and, where applicable for international transfers, includes the EU Standard Contractual Clauses (SCCs).

Lawful Bases for Processing

Under GDPR Article 6, we process Personal Data based on the following lawful bases:

Contractual Necessity (Article 6(1)(b))

Processing is necessary for the performance of our contract with you, including:

  • Service Provision: Creating and managing your account, providing core functionality
  • Feature Delivery: Enabling specific features and capabilities you request
  • Customer Support: Responding to inquiries and resolving technical issues
  • Billing and Payments: Processing subscription fees and managing payment methods

Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests, balanced against your rights and freedoms:

  • Service Security: Implementing authentication, access controls, and fraud prevention
  • Service Improvement: Analyzing usage patterns to enhance features and user experience
  • Technical Maintenance: Monitoring system performance, debugging issues, and optimizing infrastructure
  • Business Operations: Managing our relationship with you and maintaining accurate records
  • Risk Management: Identifying and mitigating potential security threats and service abuse

Consent (Article 6(1)(a))

We rely on consent for specific processing activities:

  • Marketing Communications: Sending promotional emails and product announcements
  • Optional Analytics: Collecting detailed usage analytics beyond core service requirements
  • Third-Party Integrations: Sharing data with external services for enhanced functionality
  • Cookie Preferences: Setting non-essential cookies for advertising or advanced analytics

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal requirements:

  • Tax and Accounting: Maintaining financial records and complying with tax obligations
  • Regulatory Compliance: Meeting data protection, consumer protection, and industry-specific requirements
  • Court Orders: Responding to lawful requests from courts or regulatory authorities
  • Anti-Money Laundering: Conducting required due diligence and reporting obligations

Data Subject Rights

Under GDPR Chapter 3, you have the following rights regarding your Personal Data:

Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not Personal Data concerning you is being processed, and where that is the case, access to the Personal Data and the following information:

  • Purposes of processing: Why we are processing your data
  • Categories of data: What types of Personal Data we hold
  • Recipients: Who has received or will receive your data
  • Retention periods: How long we will keep your data
  • Your rights: Information about rectification, erasure, restriction, and objection
  • Complaint procedures: How to lodge a complaint with a supervisory authority
  • Data sources: Where we obtained your data if not from you directly

We provide a copy of your Personal Data in a structured, commonly used, and machine-readable format, free of charge unless requests are manifestly unfounded or excessive.

Right to Rectification (Article 16)

You have the right to obtain without undue delay the rectification of inaccurate Personal Data concerning you. You may also complete incomplete Personal Data, including by means of providing a supplementary statement.

Right to Erasure ('Right to be Forgotten') (Article 17)

You have the right to obtain the erasure of Personal Data concerning you without undue delay where one of the following grounds applies:

  • Purpose fulfilled: The data is no longer necessary for the purposes for which it was collected
  • Consent withdrawn: You withdraw consent and no other legal basis exists
  • Objection sustained: You successfully object to processing based on legitimate interests
  • Unlawful processing: The data has been processed unlawfully
  • Legal obligation: Erasure is required to comply with EU or member state law
  • Children's data: Data was collected in relation to information society services offered to children

This right is subject to exceptions, including when processing is necessary for exercising the right of freedom of expression and information, compliance with legal obligations, or the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing where:

  • Accuracy contested: You contest the accuracy of the data (for a verification period)
  • Unlawful processing: The processing is unlawful and you oppose erasure
  • Purpose fulfilled: We no longer need the data but you require it for legal claims
  • Objection pending: You have objected to processing pending verification of legitimate grounds

During restriction, we may store the data but not process it further, except with your consent or for legal claims.

Right to Data Portability (Article 20)

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where:

  • Consent-based: Processing is based on consent or contract
  • Automated processing: Processing is carried out by automated means

This right applies to data you have provided to us and includes the right to have the data transmitted directly to another controller where technically feasible.

Right to Object (Article 21)

You have the right to object at any time to processing of Personal Data concerning you which is based on:

  • Legitimate interests: Including profiling based on legitimate interests
  • Direct marketing: Including profiling related to direct marketing
  • Statistical purposes: Processing for scientific or historical research or statistical purposes

We will cease processing unless we demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects, subject to certain exceptions.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights

To exercise any of these rights, contact us at contact@feedgot.com. We will:

  • Verify your identity using reasonable means to prevent unauthorized access
  • Respond within one month of receiving your request (extendable by two months for complex requests)
  • Provide information in a concise, transparent, intelligible, and easily accessible form
  • Not charge a fee unless requests are manifestly unfounded or excessive
  • Provide reasons if we refuse to act on your request and inform you of your right to complain

Sub-processors

We engage carefully selected sub-processors to provide hosting, storage, analytics, email delivery, and related services. Examples may include infrastructure and hosting providers, email delivery platforms, analytics services, and managed databases. We maintain appropriate agreements and conduct due diligence. A current list is available on request via contact@feedgot.com.

International Transfers

Where Personal Data is transferred outside the EEA/UK, we implement appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), adequacy decisions, and supplementary measures.

Security

We implement technical and organizational measures including encryption in transit, access controls, vulnerability management, and secure development practices. We monitor for threats and aim to minimize risks to confidentiality, integrity, and availability.

Data Retention

Personal Data is retained only as long as necessary to provide the Service and meet legal obligations. Upon account closure, we delete or anonymize data after a reasonable retention period unless law requires longer retention.

Personal Data Breaches

In the event of a Personal Data breach, we will notify the competent supervisory authority within 72 hours when required by law, and we will notify affected users without undue delay where the breach is likely to result in a high risk to rights and freedoms.

Data Processing Addendum (DPA)

For customers who require a signed DPA, contact contact@feedgot.com.

Contact

For GDPR-related inquiries, email contact@feedgot.com.