GDPR Compliance
Our commitment to protecting your privacy and data rights under the General Data Protection Regulation
Our Commitment to GDPR
Acadion.ai LLC is committed to protecting the privacy and security of your personal data in accordance with the EU General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.
The GDPR provides comprehensive data protection rights to individuals in the European Economic Area (EEA). Even if you're not in the EEA, we apply GDPR principles to all our users worldwide as part of our commitment to privacy.
GDPR Principles We Follow
Lawfulness & Transparency
We process data lawfully, fairly, and transparently. We clearly communicate what data we collect and how we use it.
Purpose Limitation
We collect data only for specified, explicit, and legitimate purposes and don't process it in ways incompatible with those purposes.
Data Minimization
We collect only the data that is adequate, relevant, and necessary for our specified purposes.
Accuracy
We ensure personal data is accurate and kept up to date, with reasonable steps taken to rectify or erase inaccurate data.
Storage Limitation
We retain personal data only as long as necessary for the purposes for which it was collected.
Integrity & Confidentiality
We implement appropriate security measures to protect data against unauthorized or unlawful processing and accidental loss.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
1. Right to Be Informed
You have the right to clear, transparent information about how we collect and use your personal data.
We provide this information through our Privacy Policy and this GDPR compliance page.
2. Right of Access
You have the right to request a copy of the personal data we hold about you.
Submit a data access request to: gdpr@acadion.ai
3. Right to Rectification
You have the right to have inaccurate or incomplete personal data corrected.
Update your information directly in your account settings or contact us for assistance.
4. Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your personal data in certain circumstances.
Submit a deletion request to: gdpr@acadion.ai. We will respond within 30 days.
5. Right to Restrict Processing
You have the right to request that we restrict how we use your personal data in certain situations.
This right applies when you contest data accuracy, object to processing, or when processing is unlawful.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Request data export through your account settings or by contacting gdpr@acadion.ai
7. Right to Object
You have the right to object to certain types of processing, including direct marketing.
You can opt out of marketing communications at any time using the unsubscribe link in emails or through your account settings.
8. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affects you.
While we use AI for content suggestions, all significant decisions require human review and input.
Legal Bases for Processing
We process your personal data based on the following legal grounds:
- •Contractual Necessity: Processing necessary to provide our Services under our Terms of Service
- •Consent: Processing based on your explicit consent, which you can withdraw at any time
- •Legitimate Interests: Processing necessary for our legitimate business interests, provided they don't override your rights
- •Legal Obligations: Processing required to comply with legal obligations
International Data Transfers
If you are located in the EEA, your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection
- Binding corporate rules for intra-group transfers
- Certification schemes and codes of conduct
We continuously monitor international data transfer mechanisms to ensure compliance with evolving regulations and court decisions.
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security:
- ✓Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- ✓Regular security audits and penetration testing
- ✓Access controls and authentication (including 2FA)
- ✓Employee training on data protection and security
- ✓Incident response and data breach notification procedures
- ✓Regular backups and disaster recovery planning
- ✓Vendor security assessments and data processing agreements
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach is likely to result in high risk
- Provide clear information about the nature of the breach and steps being taken
- Document all data breaches, including facts, effects, and remedial actions
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and data protection strategy. You can contact our DPO regarding:
- Questions about how we process your personal data
- Exercising your GDPR rights
- Data protection concerns or complaints
- Data processing agreements and vendor assessments
Data Protection Officer Contact:
Email: dpo@acadion.ai
GDPR Requests: gdpr@acadion.ai
Response Time: Within 30 days
Exercising Your Rights
To exercise any of your GDPR rights, please:
- Send an email to gdpr@acadion.ai with your request
- Include sufficient information for us to verify your identity
- Clearly state which right(s) you wish to exercise
- Provide any relevant details to help us process your request
We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days and will inform you of the extension and reasons for the delay.
In most cases, exercising your rights is free of charge. However, we may charge a reasonable fee if requests are manifestly unfounded, excessive, or repetitive.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority (Data Protection Authority).
You can find your data protection authority at: European Data Protection Board - Members
However, we encourage you to contact us first so we can address your concerns directly.
Children's Data
Our Services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.
If you believe we have collected data from a child under 16, please contact us immediately at gdpr@acadion.ai.
Updates to This Page
We may update this GDPR compliance page to reflect changes in our practices, legal requirements, or GDPR guidance. We will notify you of material changes through our website or by email.
This page was last updated: November 23, 2025
Additional Resources
For more information about your privacy and data protection:
Questions About Your Data?
We're committed to transparency and protecting your privacy. Contact us anytime.