GDPR Compliance

Tidal Labs as an organization is compliant with GDPR as well as CCPA regulations. This document does not exhaustively describe all the steps we've taken to maintain compliance and readiness, but is rather a summary overview of our compliance status.

  1. Data Protection Officer: our DPO is Burak Kanber. You can reach our DPO by emailing dpo - at - tid - dot - al.
  2. Revocable, Informed Consent: our platform processes personal data. In particular, users of the platform can connect their social accounts for the purposes of sharing statistics and content with brands. In all cases, users can opt in to and opt out of this data processing without penalty. In each location (in the product or dashboard) where a user may connect a social account or submit a piece of content, there is a data processing notification that describes to the user in clear language how their data will be used.
  3. Right to be Forgotten: The user dashboard contains an easy-to-use "delete my account" button that immediately removes all of the user's personal data from the platform. Only financial transaction data (e.g., records of any payments issued to the user) is preserved for accounting purposes.
  4. View my Personal Data: The user dashboard contains an easy-to-use "download my data" button that immediately provides a standard (JSON) export of all the personal data the platform manages on behalf of the user.
  5. Organizational Controls: Among many other controls, Tidal Labs maintains an internal "GDPR Dataroom", updated quarterly, that contains data fields and their risk and protection classifications; an audit schedule; a list of subprocessors and their compliance status; a list of all data processing activities performed by the platform; a list of technology assets and their status; and a risk assessment matrix.
  6. Technology Controls: Tidal Labs uses various modern technologies to secure the personal data of its users. These include, but are not limited to, full volume and block level encryption for databases; envelope encryption for individual personal data fields; transport encryption; access control lists; access monitoring; security vulnerability monitoring; and zero-day exploit monitoring.
  7. Sub-processors: Tidal Labs uses very few sub-processors; these are primarily infrastructural (e.g., server hosting, email transport, payment processing). Tidal Labs ensures that each sub-processor is also GDPR compliant and that appropriate Data Processing Agreements are in place between Tidal Labs and the sub-processor.
  8. Data Processing Agreement: Tidal Labs establishes Data Processing Agreements with the EU Standard Contractual Clauses between ourselves and our customers whenever EU persons are affected.
  9. Incident Readiness: Tidal Labs maintains a pre-established incident response procedure that includes messaging and communication with affected parties in the case of a data leak or inappropriate data access scenario. Tidal Labs also maintains readiness for any audits initiated by data authorities.
  10. Software Security: Each software engineering project includes a security and data privacy review.
  11. Security Scans and Training: Tidal Labs staff members are regularly trained on data privacy and security procedures. Additionally, Tidal Labs engineers perform regular internal security scans on the full breadth of the platform.

If you are an existing or prospective customer, you may request a copy of our Security Letter which outlines our practices in more detail. Please reach out to your Tidal Labs account manager for more information.