Trust & Security

Data Privacy & GDPR

Your privacy is fundamental to how we build and operate Landera.

Our Commitment to Data Protection

At Landera, we believe privacy is a fundamental right. We are committed to being transparent about our data practices, giving you control over your personal information, and protecting your data with industry-leading security measures. We comply with GDPR, CCPA, and other applicable data protection regulations worldwide.

GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to individuals in the European Economic Area (EEA). Landera is committed to full GDPR compliance.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interest: Processing for our legitimate business interests, such as fraud prevention and service improvement
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Processing required to comply with applicable laws

Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

1

Right to Access

Request a copy of all personal data we hold about you.

2

Right to Rectification

Request correction of inaccurate or incomplete personal data.

3

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances.

4

Right to Restrict Processing

Request that we limit how we use your data in certain situations.

5

Right to Data Portability

Receive your data in a structured, machine-readable format.

6

Right to Object

Object to processing based on legitimate interests or for direct marketing.

7

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

8

Right to Lodge a Complaint

File a complaint with your local data protection authority.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Note: We do not sell your personal information to third parties.

Data Processing Details

Data CategoryPurposeRetention
Account DataAuthentication, account managementUntil account deletion + 30 days
Resume ContentAI optimization serviceUntil account deletion + 30 days
Payment DataSubscription billing7 years (legal requirement)
Usage AnalyticsService improvement26 months
Support CommunicationsCustomer support3 years

International Data Transfers

Your data may be transferred to and processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Technical and organizational security measures

Sub-processors

We use the following sub-processors to provide our Service:

ProviderPurposeLocation
SupabaseDatabase & AuthenticationUnited States
StripePayment ProcessingUnited States
OpenAIAI ProcessingUnited States
VercelWebsite HostingUnited States
SendGridEmail DeliveryUnited States
Google AnalyticsWebsite AnalyticsUnited States

Security Measures

We implement comprehensive technical and organizational measures to protect your data:

Technical Measures

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Secure authentication (bcrypt hashing)
  • Regular security audits
  • Automated vulnerability scanning

Organizational Measures

  • Access controls and least privilege
  • Employee security training
  • Incident response procedures
  • Vendor security assessments
  • Data protection impact assessments

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify the relevant supervisory authority within 72 hours as required by GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

How to Exercise Your Rights

To exercise any of your privacy rights, you can:

  • Email us at privacy@landera.ai
  • Use the account settings in your dashboard to download or delete your data
  • Contact our Data Protection Officer (see below)

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

Data Protection Officer

For questions about our data practices or to exercise your rights, contact our Data Protection Officer:

Email: privacy@landera.ai

Response Time: Within 30 days

Related policies: Privacy PolicyTerms of Service