GDPR Compliance

Tissia commitment to personal data protection

What is GDPR?

The General Data Protection Regulation (GDPR) is European legislation that protects the rights of individuals regarding their personal data. At Tissia, GDPR compliance is integrated into every aspect of our platform.

Our GDPR commitments

Data stored in EU

All data is stored on servers located in the European Union, ensuring full compliance with GDPR data localization requirements.

Full encryption

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Communications with the platform are always secure.

Right to deletion

You can request complete deletion of your data at any time. We process requests within 30 days.

Data portability

You can export all your data in a standard format (JSON, CSV) whenever you want.

Your role as Data Controller

When you use Tissia to interact with your customers, you become a Data Controller for the personal data of those customers. Tissia acts as a Data Processor.

Your responsibilities as Controller:

  • Inform end customers that they are using an AI chatbot
  • Obtain the necessary consent for data collection and processing
  • Update your company privacy policy
  • Respond to customer requests regarding their personal data
  • Report any data security breach within 72 hours

How Tissia helps you:

  • Predefined information messages about AI usage
  • Tools for managing data access requests
  • Easy export of conversations for a specific customer
  • Automatic data deletion upon retention period expiration
  • Notifications and logs for auditing

Data Processing Agreement (DPA)

In accordance with Art. 28 GDPR, we provide a Data Processing Agreement (DPA) that defines:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Type of personal data processed
  • Categories of data subjects
  • Obligations and rights of the controller
  • Security measures implemented
  • Conditions for using sub-processors

The DPA is automatically included in the Terms and Conditions of service and takes effect upon account creation.

Request signed DPA

Sub-processors

We use the following sub-processors to provide our services:

Provider Service Data location
Hetzner Online GmbH Infrastructure hosting Germany, EU
Anthropic AI Model (Claude) EU (via API)
Stripe Payment processing Ireland, EU
Meta Platforms WhatsApp/Messenger API Ireland, EU
Mailjet (Sinch) Transactional email EU

We will notify you at least 30 days before adding a new sub-processor.

Your rights under GDPR

Right of access

Obtain a copy of your data

Right to rectification

Correct inaccurate data

Right to deletion

Delete data ('right to be forgotten')

Right to restriction

Limit processing

Right to portability

Export data in standard format

Right to object

Object to processing

Contact DPO

For any questions about the GDPR or to exercise your rights, please contact our Data Protection Officer:

Data Protection Officer (DPO)
Carpathica Authentic SRL
Strada T. Vladimirescu 12, Apt. 17
440037 Satu Mare, România

dpo@tissia.ro

We respond to all requests within 30 calendar days.

Related documents

Terms and Conditions
Privacy
Cookies