Sharebrand & GDPR

Introduction

Sharebrand is committed to protecting the privacy and security of our users' data. As a provider of branded file sharing services, we understand the importance of handling data responsibly and ensuring compliance with the General Data Protection Regulation (GDPR). This statement outlines our practices and commitments in relation to data protection and privacy.

This statement is not intended to serve as legal advice. Please consult with your legal advisor to determine how GDPR applies to your business.

What is GDPR?

The General Data Protection Regulation (GDPR), enacted by the European Union (EU) on May 25, 2018, requires organizations to safeguard personal data and uphold the privacy rights of anyone in European Union (EU) territory.

Does GDPR apply to you?

If your business operates within the European Union (EU), or you handle the personal data of individuals in the EU, you are affected by the General Data Protection Regulation (GDPR).

Is Sharebrand GDPR compliant?

Yes, Sharebrand is legally based in the United States and complies with the GDPR framework for all EU customers and data subjects. We implement appropriate technical and organizational measures to ensure data protection.

Sharebrand as a Data Controller

Sharebrand serves as a Data Controller in its relationship with customers, managing the personal information provided for using our service (such as registration information, including email addresses and account details). Sharebrand does not sell personal data to third parties, nor does it use such data for marketing or advertising purposes without explicit consent.

Sharebrand as a Data Processor

When you use Sharebrand to share files with your clients, we act as a Data Processor. The data you upload and share through our platform remains under your control. We process this data solely to provide our file sharing services and do not use it for any other purpose.

We provide you with full control over all the data you share through Sharebrand. You can view, download, and delete your files at any time using our interface. Deleted data is also removed from our backups within 30 days.

We do not sell or share your data or your clients' data with any third parties, except as necessary to provide our services (such as cloud storage providers operating under strict data processing agreements).

Security Measures

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication, regular security audits, and access controls. We continuously assess and update our security practices to maintain the highest level of data protection.

Data Subject Rights

Under GDPR, data subjects have the right to access, rectify, erase, restrict processing, data portability, and object to processing of their personal data. We provide tools within our platform to exercise these rights, and our support team is available to assist with any requests.

Sub-processors

We use a minimal number of carefully selected sub-processors to provide our services. All sub-processors are bound by data processing agreements that ensure GDPR compliance. Our current sub-processors include:

  • Vercel (hosting and infrastructure)
  • Supabase (database services)
  • Vercel Blob (file storage)
  • Resend (transactional emails)

Questions or concerns?

If you have any questions about our GDPR compliance or data protection practices, please contact us at founders@sharebrand.io