GDPR Compliance
Last updated: January 2026
VectorGap is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains how we handle data for users in the European Economic Area (EEA).
Our Commitment
As a company headquartered in Brussels, Belgium, we take GDPR compliance seriously. We process personal data lawfully, fairly, and transparently. We collect only what we need and protect it with appropriate security measures.
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance: To provide our services to you as agreed in our Terms of Service.
- Legitimate Interests: For purposes like improving our services, fraud prevention, and security.
- Consent: For optional features like marketing communications. You can withdraw consent anytime.
- Legal Obligations: When required by law, such as tax records or responding to legal requests.
Your Rights Under GDPR
As an EEA resident, you have the following rights:
Right to Access
You can request a copy of all personal data we hold about you. We'll provide this in a commonly used electronic format within 30 days.
Right to Rectification
If any personal data we hold is inaccurate or incomplete, you can request correction. Update your information directly in your account settings or contact us.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
Note: We may retain certain data where required by law or for legitimate business purposes (like maintaining security logs).
Right to Data Portability
You can request your data in a structured, machine-readable format (JSON) to transfer to another service. Export your data from your account settings.
Right to Object
You can object to processing based on legitimate interests. We'll stop processing unless we demonstrate compelling legitimate grounds.
Right to Restrict Processing
You can request we limit how we use your data while we address your concerns about accuracy or our processing grounds.
Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Email, name, company | Account management, communication |
| Usage Data | Features used, audit history | Service delivery, improvements |
| Technical Data | IP address, browser type | Security, troubleshooting |
| Payment Data | Billing address (via LemonSqueezy) | Payment processing |
Data Retention
We retain personal data only as long as necessary:
- Active accounts: Data retained while account is active
- Closed accounts: Core data deleted within 90 days
- Audit logs: Retained for 2 years for security purposes
- Financial records: Retained 7 years per tax law
International Transfers
VectorGap is headquartered in Belgium (EU). We primarily store and process data within the European Economic Area. When we transfer data outside the EEA (for example, to cloud service providers), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy decisions for countries with equivalent data protection
- Binding Corporate Rules where applicable
Sub-processors
We use the following sub-processors to deliver our services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | EU region available |
| Neon | Database hosting | EU region |
| Resend | Email delivery | EU compliant |
| LemonSqueezy | Payment processing | EU merchant of record |
| PostHog | Product analytics | EU-hosted |
Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Employee training on data protection
- Incident response procedures
Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection team at:
Email: privacy@vectorgap.ai
Address: VectorGap, Brussels, Belgium
Supervisory Authority
If you believe we haven't addressed your concerns adequately, you have the right to lodge a complaint with a supervisory authority. For Belgium, this is the Data Protection Authority (Autorité de protection des données):
https://www.dataprotectionauthority.be
Exercising Your Rights
To exercise any of your GDPR rights:
- Log in to your account and visit Settings → Privacy
- Email privacy@vectorgap.ai with your request
- We'll respond within 30 days (extendable to 90 days for complex requests)
We may ask you to verify your identity before processing requests to protect your data from unauthorized access.
Changes to This Policy
We may update this GDPR compliance page as our practices evolve or regulations change. Material changes will be communicated via email or in-app notification.
Questions?
Contact our privacy team at privacy@vectorgap.ai with any questions about GDPR compliance or your personal data.