GDPR Compliance
1. Our commitment
ConvertPalms is built to comply with Regulation (EU) 2016/679 (the GDPR) and the UK GDPR. We apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality at every layer.
2. Controller / processor roles
- For account, billing and usage data, Palms Sky Conv acts as the data controller.
- For invoice content (which is held in your browser) and logos (held briefly on our server), we act as a data processor on your behalf.
3. Security & organisational measures
- TLS 1.2/1.3 in transit; AES-256 at rest;
- Logos auto-deleted within one hour;
- Role-based access with least-privilege defaults;
- 72-hour breach-notification process;
- Vendor risk reviews of every sub-processor;
- Documented incident-response plan.
4. Sub-processors
| Sub-processor | Service | Country |
|---|---|---|
| Hosting provider | Compute & storage | EU |
| Stripe, Inc. | Payments (Pro) | US |
| Cloudflare, Inc. | DNS, CDN, DDoS protection | Global |
| Google LLC | OAuth (optional) | US |
| Email provider | Transactional email | EU |
5. International transfers
Where personal data leaves the EEA / UK we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and the UK IDTA.
6. Your rights
Email [email protected] to exercise your rights of access, rectification, erasure, restriction, objection, withdrawal of consent, or data portability. You also have the right to lodge a complaint with your local supervisory authority.
7. Data Processing Addendum
Business customers may request a counter-signed DPA — see /legal/dpa.html or email [email protected].
8. Data Protection Officer
[email protected] · Palms Sky Conv, 30 T Route du Vieux Flamboyant, Saint-Gilles-Les-Hauts, 97460 Saint-Paul, Réunion, France.