Zuddl & GDPR:
Protecting Your Data

Security at Zuddl

At Zuddl, your privacy and trust are our top priorities. We are fully committed to meeting the requirements of the European Union’s General Data Protection Regulation (GDPR) and ensuring the highest standards of data protection for our customers and their users.

1. Your Rights Are Respected

You have full control over your personal data:
- Request access, correction, deletion, or restriction of your data.
- Obtain a copy or object to how it’s processed.

To learn more about our processing activities and our commitment to the rule of law, or to exercise your rights, email privacy@zuddl.com or visit our Privacy Page at https://www.zuddl.com/privacy-policy.

2. Data Security

- All personal data is encrypted in transit (TLS 1.2 or higher) and at rest using AES-256 encryption.
- Access to data is strictly limited to authorized personnel.
- Employees complete annual security and privacy training.
- Continuous monitoring is performed through Security Information and Event Management (SIEM) tools to detect and respond to threats in real time.

3. Transparency

- Data is collected and processed only for legitimate business purposes.
- Zuddl never sells personal data.
- We clearly disclose when and how data is processed, including AI-assisted product features.

4. Data Retention & Deletion

- Customer data is retained for the duration of the contract plus 90 days, unless otherwise required by law or contract.
- After the retention period, all customer data is securely deleted from Zuddl’s systems and backups following verified data destruction procedures.

5. Third-Party Partners and Subprocessors

- Zuddl works only with vendors who meet GDPR and security standards.
- All subprocessors, including AI service providers, are vetted and bound by Data Protection Agreements (DPAs).
- Clients can view the current sub-processor list at https://trust.zuddl.com/subprocessors.

6. EU Data Residency

Zuddl now offers data hosting within the European Union (EU):
- Clients can choose between EU and US regions.
- EU data remains fully within the EU to comply with GDPR data-transfer requirements.
- Data is never moved outside the EU without explicit client authorization.

7. Breach Notification

In the unlikely event of a data breach affecting your personal data, Zuddl will promptly notify affected clients and relevant authorities as required under GDPR Articles 33 and 34.

8. Dedicated Data Protection Officer

Rui Serrano, Data Protection Officer (DPO)
dpo@zuddl.com

9. Global Privacy Framework

Zuddl’s privacy management program is certified under ISO 27701, the international privacy extension to ISO 27001, demonstrating our commitment to protecting personal data through governance, transparency, and accountability. We are also fully compliant with the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA), ensuring consistent privacy protections and rights for all users globally.

Contact Us

For privacy inquiries or to exercise your rights:
privacy@zuddl.com
www.zuddl.com/privacy-policy

Zuddl Certifications: SOC 2 | ISO 27001 | ISO 27701 | GDPR | CCPA/CPRA
Data Hosting Regions: US | EU

If you think you may have discovered a vulnerability, please send us a note.