GDPR Compliance

Your data rights and our commitment to privacy protection

Last updated: 6/1/2025

🛡️ GDPR Compliant by Design

SessionLens is built with privacy-first principles and full GDPR compliance. We believe that powerful analytics and strong privacy protection can coexist, and we've designed our platform to prove it.

Your Data Rights Under GDPR

👁️ Right to Access

You have the right to know what personal data we hold about you and how we process it.

How to exercise: Email privacy@sessionlens.com with your request

✏️ Right to Rectification

You can request correction of inaccurate or incomplete personal data.

How to exercise: Update your profile in your dashboard or contact us

🗑️ Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances.

How to exercise: Delete your account or email privacy@sessionlens.com

⏸️ Right to Restrict Processing

You can request that we limit how we process your personal data.

How to exercise: Contact privacy@sessionlens.com with your request

📦 Right to Data Portability

You can request a copy of your data in a machine-readable format.

How to exercise: Export data from your dashboard or contact us

🚫 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

How to exercise: Adjust settings in your dashboard or contact us

How We Protect Your Data

🔐 Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Quarterly security assessments and penetration testing
  • Data Minimization: We only collect data necessary for our service

🏢 Organizational Measures

  • Privacy by Design: Privacy considerations built into every feature
  • Staff Training: Regular GDPR and privacy training for all employees
  • Data Protection Officer: Dedicated DPO overseeing compliance
  • Incident Response: 24/7 monitoring and rapid breach response procedures

Legal Basis for Processing

Data Type | Legal Basis | Purpose
Account Information | Contract Performance | Provide our service
Usage Analytics | Legitimate Interest | Service improvement
Marketing Communications | Consent | Product updates (opt-in)
Security Logs | Legitimate Interest | Security and fraud prevention

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

  • Account Data: Until account deletion + 30 days for recovery
  • Analytics Data: Anonymized after 90 days, aggregated data retained for 2 years
  • Security Logs: 1 year for security monitoring
  • Support Communications: 3 years for quality assurance

International Data Transfers

SessionLens primarily processes data within the EU. When we do transfer data internationally:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We ensure adequate protection through additional safeguards
  • We regularly assess the legal environment in destination countries
  • We provide transparency about where your data is processed

Exercise Your Rights

📧 Contact Our DPO

For any privacy-related questions or to exercise your rights:

Email: dpo@sessionlens.com

Response Time: Within 30 days

Languages: English, German, French

⚖️ Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

EU: Your national DPA

UK: Information Commissioner's Office (ICO)

Lead Authority: Irish Data Protection Commission

Privacy-First Analytics

At SessionLens, GDPR compliance isn't just about following the law—it's about respecting your fundamental right to privacy while providing powerful analytics insights.