GDPR Compliance

Last updated: October 5, 2025

ClipInn is committed to protecting the privacy and rights of individuals in the European Union under the General Data Protection Regulation (GDPR).

Our Role Under GDPR

When you use ClipInn:

  • Your organization is the Data Controller for employee data
  • ClipInn acts as a Data Processor on your behalf

We process personal data only according to your instructions and applicable law.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

Lawful Basis for Processing

We process personal data under the following legal bases:

  • Contract: To fulfill our contractual obligations
  • Legitimate Interest: To improve our services
  • Legal Obligation: To comply with applicable laws
  • Consent: Where you have given explicit consent

Data Protection Measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

International Data Transfers

When we transfer data outside the EEA, we use appropriate safeguards such as:

  • Standard Contractual Clauses approved by the EU Commission
  • Data Processing Agreements with all sub-processors
  • Adequacy decisions where applicable

Sub-Processors

We use carefully selected sub-processors to provide our services. Our current sub-processors include:

  • Payment Provider: Payment processing, subscription management, and tax compliance
  • MongoDB Atlas: Database hosting and management
  • Cloud Infrastructure: Application hosting and deployment
  • Google Analytics: Website analytics

We notify customers of any material changes to our list of sub-processors.

Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer at hr@clipinn.com.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at hr@clipinn.com. We will respond within 30 days.