GDPR Compliance
Last updated: January 25, 2026
Effective: January 25, 2026
Our Commitment to GDPR
Chartav.io is committed to protecting the privacy and rights of individuals under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.
Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to access that data. You can export your data at any time from Settings → Data Management → Export All Data.
Right to Rectification (Article 16)
You have the right to correct inaccurate personal data. You can update your profile information directly in the application at any time.
Right to Erasure (Article 17)
You have the right to have your personal data deleted ("right to be forgotten"). You can delete your account and all associated data from Settings → Account → Delete Account.
Right to Restrict Processing (Article 18)
You can request that we limit how we process your data in certain circumstances. Contact us at privacy@buildorgchart.com to make this request.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used format. We support export in JSON and CSV formats.
Right to Object (Article 21)
You can object to the processing of your personal data for certain purposes, including direct marketing. Contact us to exercise this right.
Legal Basis for Processing
We process personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| Service delivery | Contract performance |
| Customer support | Contract performance / Legitimate interest |
| Analytics (anonymized) | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
Data Processing Agreement
If you are a customer using Chartav.io to process employee data, you may be acting as a Data Controller, and we act as a Data Processor on your behalf.
We offer a Data Processing Agreement (DPA) that outlines our obligations under GDPR Article 28. To request a DPA, please contact legal@buildorgchart.com.
Sub-Processors
We use the following sub-processors to deliver our services:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting and infrastructure | United States |
| Supabase Inc. | Database and authentication | United States / EU |
| Stripe Inc. | Payment processing | United States |
All sub-processors are bound by contractual obligations to protect your data in accordance with GDPR.
International Data Transfers
When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional technical and organizational measures
Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection team at: dpo@buildorgchart.com
Mailing address:
BuildOrgChart, Inc.
Attn: Data Protection
[Address upon request]
Supervisory Authority
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority in the EU member state of your residence, place of work, or where the alleged infringement occurred.
Related Policies
See also: Privacy Policy | Security | Cookie Policy