GDPR Compliance
AffirmID is committed to protecting the privacy and rights of individuals in the European Union under the General Data Protection Regulation.
Our Commitment
We've designed AffirmID with privacy-by-design principles from the ground up. We collect only necessary data, implement strong security controls, and give you full control over your personal information. Our Data Protection Officer oversees compliance and is available to address any concerns.
Your Rights Under GDPR
As a data subject, you have the following rights that we fully support.
Right to Access
Request a copy of all personal data we hold about you. We provide this in a machine-readable format within 30 days.
Right to Rectification
Correct any inaccurate or incomplete personal data. Update your information directly in your account settings.
Right to Erasure
Request deletion of your personal data (the "right to be forgotten"). We process deletion requests within 30 days.
Right to Restriction
Request that we limit the processing of your personal data while you verify its accuracy or contest our use.
Right to Portability
Receive your personal data in a structured, commonly used format to transfer to another service.
Right to Object
Object to processing of your personal data for direct marketing or when based on legitimate interests.
To exercise any of these rights, contact our Data Protection Officer.
Contact DPOData Processing Activities
Transparency about what data we process, why, and how long we keep it.
| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account Data | Service provision and account management | Contract performance | Duration of account + 30 days |
| Authentication Logs | Security monitoring and fraud prevention | Legitimate interest | Per plan (7-90 days) |
| Device Information | Device authentication and security | Contract performance | Until device removed |
| Usage Analytics | Service improvement and troubleshooting | Legitimate interest | 12 months (anonymized) |
| Payment Data | Subscription billing | Contract performance | As required by law |
International Data Transfers
AffirmID processes data in the United States. For transfers of personal data from the European Economic Area (EEA), we rely on:
- Standard Contractual Clauses (SCCs) - EU-approved contractual terms ensuring adequate data protection
- Supplementary Measures - Additional technical and organizational safeguards including encryption
- Data Processing Agreements - Binding agreements with all sub-processors
We maintain a list of sub-processors and notify customers of any changes. Contact us for a copy of our DPA.
Data Protection Officer
Our DPO is available to address any questions or concerns about our data processing practices.
Email: dpo@affirmid.com
Address:
AffirmID, Inc.
Attn: Data Protection Officer
548 Market St, Suite 72890
San Francisco, CA 94104
Supervisory Authority
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
For our EU representative:
EU Representative:
AffirmID EU Representative
Dublin, Ireland
Email: eu-rep@affirmid.com