GDPR Compliance

Tissia's commitment to personal data protection

What is GDPR?

The General Data Protection Regulation (GDPR) is European legislation that protects individuals' rights regarding their personal data. At Tissia, GDPR compliance is integrated into every aspect of our platform.

Our GDPR commitments

Data stored in EU

All data is stored on servers located in the European Union, ensuring full compliance with GDPR data localization requirements.

Complete encryption

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Communications with the platform are always secure.

Right to erasure

You can request complete deletion of your data at any time. We process requests within 30 days.

Data portability

You can export all your data in a standard format (JSON, CSV) whenever you want.

Your role as Data Controller

When you use Tissia to interact with your customers, you become the Data Controller for the personal data of those customers. Tissia acts as the Data Processor.

Your responsibilities as Controller:

  • Inform end customers that they are using an AI chatbot
  • Obtain necessary consent for data collection and processing
  • Update your company's privacy policy
  • Respond to customer requests regarding their personal data
  • Report any data security breach within 72 hours

How Tissia helps you:

  • Predefined information messages about AI usage
  • Tools for managing data access requests
  • Easy export of conversations for a specific client
  • Automatic data deletion at retention period expiry
  • Notifications and logs for auditing

Data Processing Agreement (DPA)

In accordance with Art. 28 GDPR, we offer a Data Processing Agreement (DPA) that defines:

  • Subject and duration of processing
  • Nature and purpose of processing
  • Type of personal data processed
  • Categories of data subjects
  • Obligations and rights of the controller
  • Security measures implemented
  • Conditions for using sub-processors

The DPA is automatically included in the Terms and Conditions of the service and takes effect upon account creation.

Request signed DPA

Sub-processors

We use the following sub-processors to provide our services:

Provider Service Data location
Hetzner Online GmbH Infrastructure hosting Germany, EU
Anthropic AI Model (Claude) EU (via API)
Stripe Payment processing Ireland, EU
Meta Platforms WhatsApp/Messenger API Ireland, EU
Mailjet (Sinch) Transactional email EU

We will notify you at least 30 days before adding a new sub-processor.

Your rights under GDPR

Right of access

Get a copy of your data

Right to rectification

Correct inaccurate data

Right to erasure

Delete data ('right to be forgotten')

Right to restriction

Limit processing

Right to portability

Export data in standard format

Right to object

Object to processing

Contact DPO

For any GDPR-related questions or to exercise your rights, contact our Data Protection Officer:

Data Protection Officer (DPO)
Carpathica Authentic SRL
Strada T. Vladimirescu 12, Apt. 17
440037 Satu Mare, România

dpo@tissia.ro

We respond to all requests within a maximum of 30 calendar days.

Related documents

Terms and Conditions
Privacy
Cookies