GDPR Compliance

ImprovMX maintains GDPR compliance through comprehensive data protection practices. We operate as a data processor for our customers and are committed to transparency regarding personal data handling.

Data Collection

We gather registration information, payment details, technical usage data, and location information. Not all customers will be 'data subjects', as data subjects are only individuals.

Security Measures

We employ encrypted HTTPS communication, isolated data containers, and encrypted backups retained for one week. Customer data from EU users resides in French datacenters hosted by OVH.

Data Subject Rights

ImprovMX enforces all GDPR rights including access, deletion, portability, and rectification. Users can submit requests through our contact form.

Data Processing Agreements

We provide signed DPAs to customers and require them from all sub-processors to ensure compliance standards.

Breach Response

In case of unauthorized access, we will notify all of our customers within 72 hours after the breach was detected.

Data Retention

Customer data is retained only during active service usage or until deletion is requested, with immediate processing of deletion requests.