GDPR Compliance
Jewelshot is committed to protecting the privacy and rights of individuals in the European Union under the General Data Protection Regulation (GDPR).
Your Rights Under GDPR
Right to Access
You can request a copy of all personal data we hold about you. We will provide this within 30 days.
Right to Rectification
You can correct any inaccurate or incomplete personal data through your account settings.
Right to Erasure
You can request deletion of your personal data. We will process this within 30 days.
Right to Restrict Processing
You can limit how we use your data while we address any concerns you may have.
Right to Data Portability
You can receive your data in a structured, machine-readable format.
Right to Object
You can object to processing of your data for marketing or profiling purposes.
Legal Basis for Processing
Contract Performance
Processing necessary to provide you with our services (image processing, gallery storage, etc.)
Legitimate Interests
Processing for our legitimate business interests, balanced against your rights
Consent
Processing based on your explicit consent, which you can withdraw anytime
Legal Obligation
Processing required to comply with applicable laws
Data We Collect & Retention
| Category | Examples | Retention |
|---|---|---|
| Identity Data | Name, email address, user ID | Until account deletion |
| Authentication Data | Hashed password, OAuth tokens | Until account deletion |
| Uploaded Content | Product images you upload | Until you delete or close account |
| Generated Content | AI-generated images | Until you delete or close account |
| Usage Data | Features used, session duration | 90 days |
| Technical Data | IP address, browser type | 90 days |
| Payment Data | Subscription status, invoice history | 7 years (legal requirement) |
International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:
Standard Contractual Clauses
EU-approved data transfer agreements
Data Processing Agreements
Binding contracts with all processors
Adequacy Decisions
Using providers in approved countries
Technical Safeguards
Encryption and pseudonymization
Data Protection Contact
Contact Our DPO
For any GDPR-related inquiries or to exercise your data protection rights, please contact our Data Protection Officer:
dpo@jewelshot.aiHow to Exercise Your Rights
Submit a Request
Email our DPO at dpo@jewelshot.ai or use the self-service options in your account settings. Include your name and the specific right you wish to exercise.
Identity Verification
We may ask you to verify your identity to protect your data from unauthorized access. This typically involves confirming your email address.
Processing
We will respond to your request within 30 days. Complex requests may take up to 60 days, in which case we will notify you of the extension.
Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns directly.
A list of EU data protection authorities can be found at the European Data Protection Board website: edpb.europa.eu