GDPR compliance

Tissia's commitment to personal data protection

What is GDPR?

The General Data Protection Regulation (GDPR) is European legislation that protects individuals' rights regarding their personal data. At Tissia, GDPR compliance is integrated into every aspect of our platform.

Our GDPR commitments

Data stored in the EU

All data is stored on servers located in the European Union, ensuring full compliance with GDPR requirements regarding data localisation.

Complete encryption

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Communications with the platform are always secured.

Right to deletion

You can request complete deletion of your data anytime. We process requests within a maximum of 30 days.

Data portability

You can export all your data in a standard format (JSON, CSV) anytime you wish.

Your role as Data Controller

When you use Tissia to interact with your customers, you become a Data Controller for the personal data of those customers. Tissia acts as a Data Processor.

Your responsibilities as a Controller:

  • Inform end customers that they're using an AI chatbot
  • Obtain necessary consent for data collection and processing
  • Update your company's privacy policy
  • Respond to customer requests regarding their personal data
  • Report any data security breach within 72 hours

How Tissia helps you:

  • Predefined informational messages about AI usage
  • Tools for managing data access requests
  • Easy export of conversations for a specific customer
  • Automatic data deletion at retention period expiry
  • Notifications and logs for auditing

Data Processing Agreement (DPA)

In accordance with Art. 28 GDPR, we provide a Data Processing Agreement that defines:

  • The subject and duration of processing
  • The nature and purpose of processing
  • The type of personal data processed
  • The categories of data subjects affected
  • The controller's obligations and rights
  • The security measures implemented
  • Conditions for using sub-processors

The DPA is automatically included in the Terms and Conditions of service and comes into effect upon account creation.

Request signed DPA

Sub-processors

We use the following sub-processors to provide our services:

Provider              Service                  Data location
Hetzner Online GmbH   Hosting infrastructure   Germany, EU
Anthropic             AI Model (Claude)        EU (via API)
Stripe                Payment processing       Ireland, EU
Meta Platforms        WhatsApp/Messenger API   Ireland, EU
Mailjet (Sinch)       Transactional email      EU

We will notify you at least 30 days before adding a new sub-processor.

Your rights under GDPR

Right of access

Obtain a copy of your data

Right to rectification

Correct inaccurate data

Right to deletion

Delete data ('right to be forgotten')

Right to restrict

Limit processing

Right to portability

Export data in standard format

Right to object

Object to processing

Contact DPO

For any questions related to GDPR or to exercise your rights, contact our Data Protection Officer:

Data Protection Officer (DPO)
Carpathica Authentic SRL
Strada T. Vladimirescu 12, Apt. 17
440037 Satu Mare, România

dpo@tissia.ro

We respond to all requests within a maximum of 30 calendar days.