GDPR & Data Protection Compliance

Our Commitment

• Compliant with EU GDPR principles and rights framework.
• Compliant with applicable UAE Data Protection Law obligations.
• Aligned with ISO 27001 information security controls where applicable.
• Regular independent and third-party security and compliance assessments.

Legal Basis for Processing

• Contract performance to provide and operate the service.
• Legitimate interest to improve reliability, quality, and user experience.
• Consent for optional marketing communications.
• Legal obligation for statutory and financial recordkeeping.

Your Rights Under GDPR

Right to Access

• Request a copy of your personal data.
• Response within 30 days.
• First request is free of charge.
• Request via email: support@leadro.io.

Right to Rectification

• Correct inaccurate personal data.
• Update incomplete records.
• Available through dashboard settings or by email request.

Right to Erasure ("Right to be Forgotten")

• Request deletion of personal data.
• We comply within 30 days where no legal exemption applies.
• Some records may be retained for legal or regulatory requirements.
• Request via email: support@leadro.io.

Right to Data Portability

• Export your data in JSON or CSV format.
• Transfer data to another provider where technically feasible.
• Available in dashboard settings.

Right to Restrict Processing

• Limit the way we process specific personal data.
• Object to specific processing activities where legally permitted.
• Request via email: support@leadro.io.

Right to Withdraw Consent

• Unsubscribe from marketing at any time.
• Delete your account and personal data.
• Manage via dashboard or by email request.

Data Protection Measures

• AES-256 encryption for data at rest and secure transport encryption for data in transit.
• Secure cloud infrastructure, including AWS EU region controls where applicable.
• Regular penetration testing and security hardening practices.
• Mandatory staff training on data protection and secure handling.
• Data processing agreements with critical subprocessors and vendors.

Data Transfers

• Data is stored in approved EU and UAE hosting environments.
• International transfers use Standard Contractual Clauses where required.
• Appropriate technical and contractual safeguards are applied.

Breach Notification

• Relevant authorities are notified within 72 hours when legally required.
• Affected users are notified without undue delay.
• A documented incident response and remediation process is in place.

Data Retention

• Active accounts: retained while account remains active.
• Deleted accounts: retained up to 30 days before deletion workflows complete.
• Financial records: retained for 7 years to meet legal requirements.
• Anonymized analytics: may be retained indefinitely.

Children's Privacy

• Leadro is not intended for individuals under 18 years of age.
• We do not knowingly collect personal data from children.
• Where applicable, verified parent or guardian consent is required.

Contact Our DPO

• Data Protection Officer: support@leadro.io
• Address: Dubai, UAE
• Phone: +971 52 101 6738