GDPR Compliance

Optinex AI is committed to full compliance with the General Data Protection Regulation (GDPR). Learn how we protect your data rights as an EU resident.

Last updated: February 20, 2026

Our Data Protection Principles

We adhere to the core principles of the GDPR in all our data processing activities.

Lawfulness & Fairness

We process personal data lawfully, fairly, and transparently with a valid legal basis for every processing activity.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not further processed in an incompatible manner.

Data Minimization

We collect only the personal data that is adequate, relevant, and limited to what is necessary for our services.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date, with inaccurate data corrected or deleted.

Your Rights Under GDPR

Data Subject Rights

As an EU/EEA resident, you have the following rights regarding your personal data.

Right of Access

You can request a copy of all personal data we hold about you, along with information about how it is processed.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purpose it was collected.

Right to Restriction

You can request that we limit the processing of your personal data under certain circumstances.

Right to Data Portability

You can receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data for direct marketing or based on legitimate interests.

Legal Basis for Processing

We process personal data under the following legal bases: contractual necessity (to provide our GEO platform services), legitimate interests (to improve our services and ensure security), consent (for marketing communications and optional analytics), and legal obligations (to comply with applicable laws and regulations). You may withdraw consent at any time without affecting the lawfulness of prior processing.

Data Processing Activities

Our data processing activities include account management and authentication, AI search visibility tracking and analysis, payment processing and billing, customer support and communications, platform analytics and performance monitoring, and security and fraud prevention. Each processing activity has a documented legal basis and purpose. We maintain a comprehensive Record of Processing Activities (ROPA) as required by Article 30 of the GDPR.

International Data Transfers

When transferring personal data outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, and binding corporate rules for intra-group transfers. All transfers are subject to appropriate safeguards to ensure your data receives equivalent protection. We regularly assess the legal frameworks of recipient countries.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy, ensuring compliance with GDPR requirements, acting as a point of contact for data subjects and supervisory authorities, and conducting regular data protection impact assessments. You can reach our DPO at dpo@optinex.ai.

Sub-Processors

We engage carefully vetted sub-processors to assist in delivering our services. All sub-processors are bound by data processing agreements that require GDPR-compliant data protection measures. We maintain an up-to-date list of sub-processors and notify customers of any changes. Key categories include cloud infrastructure providers, payment processors, email service providers, and analytics tools.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach as required by Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay. We maintain an incident response plan and conduct regular breach simulation exercises.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for any processing activity likely to result in a high risk to individuals' rights and freedoms. This includes new features involving large-scale data processing, automated decision-making, and systematic monitoring. DPIAs are reviewed and updated regularly.

Updates to This Page

We regularly review and update our GDPR compliance practices. Any material changes to how we process personal data will be communicated through our platform and, where necessary, with fresh consent. We encourage you to review this page periodically.

Contact Our DPO

For any GDPR-related inquiries, to exercise your data subject rights, or to raise a concern, contact our Data Protection Officer at dpo@optinex.ai. You also have the right to lodge a complaint with your local supervisory authority.
