General Data Protection Regulation (GDPR) Compliance Policy
Last Updated: March 2, 2025
Introduction
This GDPR Compliance Policy ("Policy") outlines how Generative Flows AI Sàrl, CHE-399.336.060, registered at Chemin de Prael 7F, 1030 Bussigny, Switzerland, doing business as GFAI ("Company," "we," "us," or "our") ensures compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") in the processing of personal data.
This document is specifically for our European Union users and outlines your rights under GDPR.
1. Data Controller Information
1.1. Data Controller: Generative Flows AI Sàrl (GFAI), CHE-399.336.060, is the data controller responsible for your personal data.
1.2. Registered Address: Chemin de Prael 7F, 1030 Bussigny, Switzerland
1.3. Contact Information:
- Email: [email protected]
- Support: [email protected]
- Website: https://secretcrush.ai
1.4. Data Protection Officer: We do not have a dedicated Data Protection Officer. Privacy inquiries are handled by our team at [email protected].
2. Legal Basis for Processing
We process personal data based on the following legal bases under Article 6 GDPR:
2.1. Consent: For optional features and certain data processing activities.
2.2. Contract Performance: To provide the services you've requested.
2.3. Legitimate Interests: For service improvement, security, and analytics.
2.4. Legal Obligation: To comply with applicable laws.
3. Your Rights Under GDPR
3.1. Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and access your personal data.
3.2. Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected.
3.3. Right to Erasure (Article 17)
You have the right to have your personal data erased in certain circumstances.
3.4. Right to Restrict Processing (Article 18)
You have the right to restrict processing in certain circumstances.
3.5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured format.
3.6. Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or direct marketing.
4. Exercising Your Rights
4.1. How to Exercise Rights: Contact us at [email protected] with your request.
4.2. Identity Verification: We may require identity verification to prevent unauthorized access to your data.
4.3. Response Time: We will respond to your request within one month of receipt.
4.4. Free of Charge: We will not charge fees for exercising your rights unless requests are excessive.
5. Data Transfers
5.1. International Transfers: We may transfer personal data outside the EEA to provide our services.
5.2. Safeguards: We use appropriate safeguards for transfers such as Standard Contractual Clauses where necessary.
6. Data Security
6.1. Security Measures: We implement appropriate technical and organizational measures to protect personal data.
6.2. Breach Notification: We will notify the relevant supervisory authority of personal data breaches where required by law.
7. Supervisory Authority
7.1. Right to Lodge Complaints: You have the right to lodge a complaint with a supervisory authority if you believe we have violated GDPR.
7.2. Cooperation: We cooperate with supervisory authorities as required by law.
8. Updates to This Policy
8.1. Updates: We may update this policy from time to time.
8.2. Notification: We will notify you of material changes to this policy.
Contact Information
For GDPR-related inquiries and all other legal matters: