GDPR Compliance

Our Commitment to GDPR

Surva.ai, operated by Social Intents, LLC, is committed to protecting the privacy and security of personal data. We comply with the General Data Protection Regulation (GDPR) and process personal data in accordance with applicable data protection laws.

This page explains your rights under GDPR and how we handle your personal data.

Data Controller

Social Intents, LLC acts as the Data Controller for personal data collected through the Surva.ai platform. For questions about data protection, you can contact us at:

• Email: info@socialintents.com
• Address: Social Intents, LLC, 123 Business Street, Suite 100, Boulder, CO 80301, USA

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Contractual necessity: Processing required to fulfill our service agreement with you
• Legitimate interests: Processing necessary for our legitimate business purposes, such as improving our services and fraud prevention
• Consent: Processing based on your explicit consent, which you can withdraw at any time
• Legal obligations: Processing required to comply with applicable laws and regulations

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes it was collected
• You withdraw your consent (where consent was the basis for processing)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.

Data We Collect

We collect and process the following categories of personal data:

• Account information: Name, email address, company name, and billing information
• Usage data: Information about how you use our services, including features accessed and time spent
• Technical data: IP address, browser type, device information, and cookies
• Communication data: Records of correspondence with our support team

For more details about data collection, please see our Privacy Policy.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

Surva.ai is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Technical and organizational security measures
• Data processing agreements with our service providers

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and updates
• Employee training on data protection

Sub-Processors

We use the following categories of sub-processors to help provide our services:

• Cloud infrastructure: Amazon Web Services (AWS) for hosting and data storage
• Payment processing: Stripe for secure payment handling
• Email services: For transactional and marketing communications
• Analytics: To understand service usage and improve our product

All sub-processors are bound by data processing agreements that require them to protect your data in accordance with GDPR.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

• Email: info@socialintents.com

We will respond to your request within 30 days. You may also have the right to lodge a complaint with your local supervisory authority if you believe your rights have been violated.

Cookies and Tracking

We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or by email.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us:

• Email: info@socialintents.com
• Web: Contact Form