This page summarizes the GDPR-related controls, request channels, and supporting privacy resources available for Stomio customers and data subjects.

General Data Protection Regulation (GDPR)

Questions and comments can be sent to privacy+gdpr@stomio.io.

| Control | Description |
|---|---|
| Individual Responsible for GDPR Compliance | Ibrahim Menem, CTO |
| Purpose of Processing | Stomio helps product teams build better products by streamlining testing and user feedback. Notice regarding the collection and use of personally identifiable information can be found in our Privacy Policy. |
| Lawful Basis for Collection & Processing | All personally identifiable information collected and processed within Stomio is handled in accordance with our Terms of Service or the applicable Master Services Agreement between Stomio and the data controller. |
| Data Subject Access Requests (DSAR) | Requests for data access, modification, or deletion may be sent to privacy@stomio.io. |
| Data Privacy & Cookie Policies | See our Privacy Policy and Cookie Policy. |
| Data Retention | Customer data, including personally identifiable information, is securely deleted from Stomio systems following service termination, with a default 60-day grace period, or earlier upon customer request when defined in the applicable agreement. |
| Data Protection & Information Security | Stomio maintains a comprehensive information security management system to protect the confidentiality, integrity, and availability of customer data. The program is audited annually by a qualified third-party assessor, and our current SOC 2 Type II report is available upon request. |
| Breach Notification | Any breach involving personally identifiable information will be reported to customers, data subjects, and relevant authorities in accordance with our incident response policy and applicable regulatory requirements. |
| Personal Data Processing Agreement | Available here. |
| Subprocessors List | Available here. |