GDPR applies to any organization that processes personal data of EU residents, regardless of where the organization is located. If you have EU customers, GDPR likely applies to you.
ABV’s Role Under GDPR
When you use ABV, you are the data controller (you determine what data to process and why), and ABV is your data processor (we process data on your behalf). We use sub-processors (AWS, ClickHouse, LLM providers) who all have appropriate GDPR safeguards and Data Processing Agreements. View our Data Processing Agreement for details.How ABV Ensures GDPR Compliance
Data Processing Agreement
Data Processing Agreement
We offer a DPA to all customers defining our obligations, security measures, sub-processors, and breach procedures. Includes Standard Contractual Clauses for international transfers. View DPA or contact [email protected].
Data Minimization & Purpose Limitation
Data Minimization & Purpose Limitation
We only process data necessary for the ABV service. We use your data for service delivery, security, and legal compliance only—never to train AI models, sell data, or use for unrelated marketing.
Data Retention
Data Retention
You control retention periods per project (7 days to unlimited). Data is automatically deleted after the retention period, or you can manually delete at any time. Learn more
Security
Security
Encryption in transit (TLS 1.2+) and at rest (AES-256), RBAC, SSO/MFA, regular security audits (ISO 27001). Learn more
International Transfers
International Transfers
EU data region available (Ireland) to avoid transfers. Standard Contractual Clauses used for necessary transfers. Learn more
Data Subject Rights
Data Subject Rights
Tools to export, correct, delete, and restrict processing of personal data. Learn more
Breach Notification
Breach Notification
24/7 monitoring with customer notification within 72 hours if personal data is breached. Learn more
Managing Personal Data in ABV
Data Masking
Data Masking
Automatically redact PII (emails, phone numbers, SSNs, credit cards) before storage using built-in detection or custom regex patterns. Learn more
User Tracking & Deletion
User Tracking & Deletion
Tag traces with user IDs to enable bulk deletion of all data for a specific user, making DSAR responses quick and efficient. Learn more | Data deletion
Data Retention
Data Retention
Configure project-level retention policies for automatic deletion. Learn more
Data Export
Data Export
Export data in CSV or JSON format via UI or API to fulfill data portability requests. Learn more
Data Subject Access Requests (DSAR)
For ABV Customers: Use ABV’s search and export features to identify and export data for specific users. Search by user ID, filter by metadata, or use timestamp ranges. Export via dashboard or API, then respond to the individual within 30 days. DSARs to ABV: For customer data, we redirect to you (the controller). For ABV account data, we respond directly. Email [email protected] with subject “DSAR Request”.International Data Transfers
EU Data Region
EU Data Region
Store data in Ireland (AWS eu-west-1) to keep data within the EEA and avoid international transfers. Learn more
Standard Contractual Clauses
Standard Contractual Clauses
For transfers to US region or sub-processors, we use EU Commission-approved SCCs with additional safeguards (encryption, access controls). Included in our DPA.
Sub-Processors
Sub-Processors
AWS and ClickHouse are in EU or US based on your region. LLM providers (OpenAI, Anthropic, Google) are US-based but have adequate safeguards. All sub-processors have signed DPAs.