GDPR Compliance
How Convertly protects your data and respects your privacy under EU regulations.
Last updated: April 2026
Our Commitment to GDPR
As a European company based in Poland, GDPR compliance is built into the foundation of Convertly — not bolted on as an afterthought. We are committed to protecting the personal data of our users and their quiz respondents.
How We Comply
Lawful Processing
We process data based on clear legal grounds: contract performance, legitimate interest, and explicit consent where required.
Data Minimization
We only collect data necessary to provide the service. Quiz tracking uses aggregated metrics — we do not use cookies for tracking quiz respondents.
Encryption and Security
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Row-level security ensures complete workspace isolation.
Right to Be Forgotten
You can delete your account and all associated data at any time. We process deletion requests within 30 days.
Data Portability
Export your quizzes, lead data, and analytics at any time. Your data belongs to you.
Breach Notification
In the event of a data breach, we notify affected parties within 48 hours as required by GDPR Article 33.
Your Rights Under GDPR
As a data subject, you have the right to:
- Access your personal dataArticle 15
- Rectify inaccurate dataArticle 16
- Erase your dataArticle 17
- Restrict processingArticle 18
- Data portabilityArticle 20
- Object to processingArticle 21
- Not be subject to automated decision-makingArticle 22
To exercise any of these rights, contact us at support@convertly.buzz.
Tracking and Analytics Compliance
When your quiz respondents complete quizzes, Convertly tracks engagement for your benefit. Here is how we do it responsibly:
- No advertising cookies or third-party trackers
- PostHog analytics runs in cookieless mode — no consent banner needed
- Sentry error monitoring has PII collection disabled
- Tracking data is automatically purged after 2 years
- Quiz respondents are not required to accept cookies
- All tracking is first-party and necessary for the service's core functionality
Sub-processors
Third-party services we rely on to deliver Convertly.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and Auth | EU |
| Vercel Inc. | Hosting | Global (EU edge) |
| Paddle.com | Payments | UK/EU |
| Resend Inc. | US (SCCs) | |
| PostHog Inc. | Analytics | EU |
| Sentry | Error Monitoring | US (SCCs) |
| Upstash Inc. | Rate Limiting | EU |
Questions about GDPR?
Our team is happy to answer any questions about how we handle your data and ensure compliance.