GDPR Compliance
SafetyFI is committed to protecting the privacy rights of individuals in the European Union and complying with the General Data Protection Regulation (GDPR).
Last updated: March 18, 2026
Our Commitment to GDPR
SafetyFI Inc. is committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and protecting the privacy rights of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.
We maintain comprehensive technical and organizational measures to ensure data protection by design and by default. Our privacy management program is regularly audited and updated to maintain compliance with evolving data protection requirements.
GDPR Data Protection Principles
We process personal data in accordance with the following GDPR principles:
Lawfulness, Fairness, Transparency
We process data lawfully, fairly, and in a transparent manner.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes only.
Data Minimization
We only collect data that is adequate, relevant, and limited to what is necessary.
Accuracy
We take reasonable steps to ensure data is accurate and kept up to date.
Storage Limitation
Data is kept in identifiable form only as long as necessary.
Integrity and Confidentiality
We process data securely using appropriate technical and organizational measures.
Technical and Organizational Measures
Data Encryption
AES-256 encryption for all data at rest and TLS 1.3 for data in transit. All emergency data is end-to-end encrypted with keys controlled by the data subject.
Audit Trails
Complete logging of all data access, modifications, and processing activities. Logs are retained for 7 years for compliance purposes.
Access Controls
Role-based access control (RBAC), multi-factor authentication, and principle of least privilege for all internal systems and personnel.
Data Minimization
We only collect data necessary for providing our services. Optional data fields are clearly marked, and consent is obtained where required.
Privacy by Design
Privacy impact assessments for all new features. Data protection considerations are integrated into our development lifecycle from the start.
International Transfers
Standard Contractual Clauses (SCCs) and appropriate safeguards for all international data transfers outside the EEA.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at dpo@safetyfi.com.
Right of Access (Article 15)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that data along with information about the processing purposes, categories of data, recipients, and retention periods.
Response time: Within 30 days of request verification.
Right to Rectification (Article 16)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. You also have the right to have incomplete personal data completed.
How to exercise: Update your profile settings or contact support.
Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies: the data is no longer necessary, you withdraw consent, you object to processing, the data was unlawfully processed, or erasure is required by law.
Exceptions: Legal obligations, freedom of expression, public health, archiving purposes.
Right to Restriction of Processing (Article 18)
You have the right to obtain restriction of processing where: you contest the accuracy of the data, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification.
Effect: Data will be stored but not processed except with consent or for legal claims.
Right to Data Portability (Article 20)
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance, where processing is based on consent or contract and carried out by automated means.
Format: JSON or CSV format provided within 30 days.
Right to Object (Article 21)
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interests or public task. You have an absolute right to object to direct marketing.
How to exercise: Use unsubscribe links or contact our DPO.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Our practice: SafetyFI does not use automated decision-making for significant decisions affecting users.
Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR Article 6:
Contract Performance (Article 6(1)(b))
Processing necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. This includes account management, service delivery, and customer support.
Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate interests or those of a third party, provided your rights do not override these interests. This includes security, fraud prevention, service improvement, and direct marketing (where you have not objected).
Legal Obligation (Article 6(1)(c))
Processing necessary for compliance with a legal obligation to which we are subject. This includes tax records, regulatory compliance, and responding to lawful requests from authorities.
Consent (Article 6(1)(a))
Processing based on your explicit consent for specific purposes. This includes marketing communications, certain cookies, and optional data collection. You may withdraw consent at any time.
International Data Transfers
SafetyFI is headquartered in the United States. When we transfer personal data from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs)
We use the Standard Contractual Clauses approved by the European Commission for transfers to countries without an adequacy decision. These clauses provide contractual guarantees for data protection.
Adequacy Decisions
For transfers to countries with an EU adequacy decision (such as the UK, Japan, or Canada for commercial organizations), we rely on the adequacy finding as the legal basis for transfer.
Binding Corporate Rules
Where applicable, we rely on Binding Corporate Rules (BCRs) for intra-group transfers. Our BCRs are approved by the relevant supervisory authority.
Derogations
In limited circumstances, we may rely on specific derogations under Article 49 GDPR, such as explicit consent, performance of a contract, or important reasons of public interest.
To obtain a copy of our SCCs or other transfer safeguards, please contact our DPO at dpo@safetyfi.com.
Data Breach Notification
In the event of a personal data breach, SafetyFI has established procedures to comply with GDPR breach notification requirements:
72-Hour Notification to Supervisory Authority
We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
Notification to Affected Individuals
When a breach is likely to result in a high risk to individuals' rights and freedoms, we will notify affected data subjects without undue delay, providing clear information about the breach and recommended protective measures.
Documentation
All breaches are documented, including the facts, effects, and remedial actions taken. This documentation is maintained for compliance verification by supervisory authorities.
Contact Our Data Protection Officer
SafetyFI has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and handle data protection inquiries. You may contact our DPO for any matters relating to data protection:
Email: dpo@safetyfi.com
Mail:
SafetyFI Inc.
Attn: Data Protection Officer
Right to Lodge a Complaint: If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
Updates to This Notice
We may update this GDPR Compliance Notice from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. We will notify you of material changes by posting the updated notice on this page, updating the "Last updated" date, and where appropriate, through additional notices on our website or via email.