Last Updated: January 14, 2026
PerfectCSR.AI Inc. is committed to protecting the privacy and security of personal data in full compliance with the General Data Protection Regulation. This page explains our GDPR compliance measures, our role as a data controller and processor, and your rights as a data subject.
Throughout this document, when we refer to "we", "us", or "our", we mean PerfectCSR.AI Inc. The term "GDPR" refers to the European Union's General Data Protection Regulation. A "Data Controller" is an entity that determines how personal data is processed, while a "Data Processor" processes data on behalf of the controller.
GDPR gives you control over your personal data. As an EU resident, you have rights including access, correction, deletion, and portability of your data. We act as a Data Controller for your account info and as a Data Processor for data you process through our AI platform. We offer Data Processing Agreements and use Standard Contractual Clauses for international transfers.
When you sign up for our Services, visit our website, or interact with us directly, PerfectCSR.AI acts as a Data Controller. This means we determine the purposes and means of processing your personal data, including:
When you use our AI chatbot platform to process your customers' or end-users' personal data, we act as a Data Processor. In this capacity:
Under GDPR Article 6, we process personal data based on the following legal grounds:
| Legal Basis | When We Use It |
|---|---|
| Contract Performance Article 6(1)(b) |
Providing our Services, account management, billing, and customer support |
| Legitimate Interests Article 6(1)(f) |
Service improvement, security, fraud prevention, analytics, and B2B marketing |
| Legal Obligation Article 6(1)(c) |
Tax records, regulatory compliance, and responding to legal requests |
| Consent Article 6(1)(a) |
Marketing emails, newsletters, non-essential cookies, and optional features |
As a data subject in the European Economic Area (EEA), you have the following rights:
Request a copy of all personal data we hold about you, along with information about how we process it, the purposes, recipients, and retention periods.
Request correction of inaccurate personal data or completion of incomplete data without undue delay.
Also known as the "right to be forgotten." Request deletion of your personal data when it's no longer necessary, you withdraw consent, or you object to processing.
Request limitation of processing while we verify accuracy of your data, assess your objection, or when processing is unlawful but you prefer restriction over erasure.
Receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV) and transmit it to another controller.
Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Not be subject to decisions based solely on automated processing (including profiling) that significantly affect you, with right to human review.
Your data, your control. Under GDPR, you can see what data we have, fix mistakes, delete it, take it elsewhere, or tell us to stop using it. Just email privacy@perfectcsr.ai and we'll respond within 30 days.
To exercise any of your GDPR rights, you can:
Response Timeline:
For customers processing EU personal data through our platform, we provide a comprehensive Data Processing Agreement that meets GDPR Article 28 requirements:
To request our DPA: Contact legal@perfectcsr.ai. Enterprise customers receive a DPA as part of their service agreement.
When transferring personal data outside the European Economic Area (EEA), we ensure GDPR-compliant protections:
We use the European Commission's 2021 Standard Contractual Clauses as our primary transfer mechanism. Our SCCs include the appropriate modules for controller-to-controller and controller-to-processor transfers.
Following the Schrems II ruling, we implement additional safeguards:
Enterprise customers can choose EU-only data processing with data stored in our EU data centers (AWS Frankfurt, Ireland).
We use carefully selected sub-processors to help deliver our Services. All sub-processors are bound by GDPR-compliant agreements.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure & hosting | EU (Frankfurt, Ireland) & US |
| Google Cloud Platform | AI/ML processing | EU & US |
| OpenAI | AI model inference | US (with DPA) |
| Stripe | Payment processing | EU & US |
| Intercom | Customer support | US (with SCCs) |
| SendGrid | Transactional emails | US (with SCCs) |
We maintain an up-to-date list of sub-processors. You can subscribe to sub-processor change notifications by emailing privacy@perfectcsr.ai.
We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance:
Data Protection Officer β PerfectCSR.AI Inc.
Email: dpo@perfectcsr.ai
Response Time: Within 72 hours
In the event of a personal data breach affecting EU data subjects, we follow GDPR Article 33 and 34 requirements:
We maintain detailed records of processing activities as required by GDPR Article 30, including:
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
For GDPR-related inquiries, data subject requests, or DPA questions:
PerfectCSR.AI Inc. β Privacy Team
Email: privacy@perfectcsr.ai
DPO: dpo@perfectcsr.ai
Legal: legal@perfectcsr.ai
Set up in minutes. Capture leads on day one. Scale without hiring.