GDPR Compliance
How TyneBase ensures GDPR compliance for EU data protection.
Read time:6 minUpdated:2026-01-10
GDPR Compliance
TyneBase is designed for GDPR compliance from the ground up.
Our Commitment
- All data processing within EU/UK data centers
- Privacy by design and default
- Complete data portability
- Right to erasure support
- Transparent data handling
Data Processing
Where Data is Stored
| Data Type | Location | Provider |
|---|---|---|
| Database | EU (Frankfurt) | Supabase |
| File Storage | EU (Frankfurt) | Supabase |
| AI Processing | EU endpoints | OpenAI EU, Vertex AI |
| Embeddings | EU (Frankfurt) | Supabase pgvector |
Data We Collect
| Category | Data | Purpose | Lawful Basis |
|---|---|---|---|
| Account | Email, name | Service provision | Contract |
| Content | Documents | Core functionality | Contract |
| Usage | Page views, actions | Analytics | Legitimate interest |
| AI | Prompts, generations | AI features | Consent |
User Rights
Right of Access (Art. 15)
Export all your data:
- Go to Settings → Privacy
- Click Export My Data
- Download JSON/ZIP archive
Export includes:
- Profile information
- All documents you created
- Comments and discussions
- Activity history
Right to Erasure (Art. 17)
Delete your account and data:
- Go to Settings → Privacy
- Click Delete Account
- 30-day grace period begins
- Permanent deletion after 30 days
During grace period:
- Account is deactivated
- Data preserved but inaccessible
- Can cancel deletion
Right to Portability (Art. 20)
Data export in machine-readable format:
- JSON for structured data
- Markdown for documents
- CSV for activity logs
Consent Management
Granular Consent
Control what data processing you allow:
| Purpose | Default | Can Withdraw |
|---|---|---|
| Essential services | Required | No |
| Analytics | Off | Yes |
| AI processing | Off | Yes |
| Knowledge indexing | Off | Yes |
Managing Consent
- Go to Settings → Privacy → Consent
- Toggle each purpose on/off
- Changes take effect immediately
Data Protection Officer
Contact our DPO for privacy inquiries:
- Email: dpo@tynebase.com
- Response time: 72 hours
Breach Notification
In case of data breach:
- Detection and containment
- Assessment of risk
- Notification within 72 hours (if required)
- User communication
- Post-incident review