09 / LEGAL

GDPR commitment.

Your data rights under EU law and exactly how we honor them. No dark patterns, no excuses.

Our GDPR commitment

Amazstock is built EU-first. GDPR isn't a checkbox for us — it's the architecture. Data lives in the EU. Encryption is mandatory. Your rights are explicit.

Your rights

Under the EU General Data Protection Regulation (GDPR), you have these rights regarding your personal data:

Right to access

Request a copy of all personal data we hold about you. We respond within 30 days.

Right to rectification

Correct inaccurate or incomplete data. You can edit most data directly in your account; for everything else, email us.

Right to erasure ("right to be forgotten")

Request deletion of your data. We delete within 30 days, except where retention is required by law (e.g., tax records).

Right to restrict processing

Limit how we use your data while a complaint is being resolved.

Right to data portability

Export your data as CSV or JSON to take to another service. Available 24/7 from your account.

Right to object

Object to specific processing. Note: some processing is required to provide the Service (e.g., authentication); objecting may require cancellation.

Right not to be subject to automated decision-making

We use AI features (slow-mover detection, photo lookup), but they assist decisions — they don't make legal or significant decisions about you automatically.

How to exercise your rights

Email privacy@amazstock.online. We respond within 30 days (often faster). No fee for reasonable requests.

Data Processing Agreement (DPA)

For customers acting as data controllers (which is most of you, since you handle your own customers' data), we provide a Data Processing Agreement on request. Pro and Enterprise plans include the DPA by default.

Request a DPA: legal@amazstock.online

Where data is stored

All personal data is stored within the EU (AWS Frankfurt). No data transfers outside the EU.

Sub-processors

Our sub-processors are GDPR-compliant. Full list and roles in our Privacy Policy.

Data breach response

In the unlikely event of a data breach, we notify affected users within 72 hours (per Art. 33 GDPR). We follow a documented incident response plan, audited annually.

Data Protection Officer

Our DPO can be reached at dpo@amazstock.online.

Supervisory authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EU data protection authority.