TermsAndWhat.com - AI Document Analyzer Website

1. Roles

Data Controller

For account information, billing data, and service communications, TermsandWhat acts as the data controller.

Data Processor

For documents you upload for AI analysis, we act as a data processor on your behalf (you remain the controller of your document content).

2. Legal Bases

We process your personal data based on the following legal grounds:

Contract (Article 6(1)(b))

Service delivery, account management, billing

Legitimate Interests (Article 6(1)(f))

Security, fraud prevention, service improvements

Consent (Article 6(1)(a))

Marketing communications, optional analytics

Legal Obligation (Article 6(1)(c))

Tax records, regulatory compliance

3. Your Rights

Under GDPR, you have the following rights regarding your personal data:

✅ Right of Access

Request a copy of your personal data

✏️ Right to Rectification

Correct inaccurate or incomplete data

🗑️ Right to Erasure

Request deletion of your data

⏸️ Right to Restriction

Limit how we process your data

📦 Right to Portability

Receive your data in a structured format

🚫 Right to Object

Object to processing based on legitimate interests

4. Data Subject Requests

How to Submit a Request

Email us at mateocardonarios@gmail.com

Include: Your name, email address, and specific request details

⏱️Response time: Within 30 days (may extend to 60 days for complex requests)

🆔Identity verification: We may request additional information to verify your identity

💰Cost: Generally free (small fee may apply for excessive requests)

5. International Transfers

When transferring your personal data outside the EEA/UK, we ensure adequate protection through:

•Standard Contractual Clauses (SCCs) approved by the European Commission
•Adequacy decisions for countries with equivalent data protection
•Additional safeguards such as encryption and access controls

6. Sub-processors

We work with carefully selected sub-processors who are bound by Data Processing Agreements:

Cloud Infrastructure

Secure hosting and data processing services

Payment Processing

Secure billing and subscription management

Analytics Services

Performance monitoring and service improvement

A complete list of sub-processors is available upon request.

7. Security Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Measures

• End-to-end encryption
• Access controls and authentication
• Regular security audits
• Automated threat detection

Organizational Measures

• Staff training and awareness
• Incident response procedures
• Data minimization practices
• Regular policy reviews

8. Supervisory Authority

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR.

Find your local authority at edpb.europa.eu

9. Contact

For GDPR-related questions or to exercise your rights, contact us at mateocardonarios@gmail.com

Table of Contents

GDPR Notice