SOC 2 certification in progress.Our security practices
/ security/gdpr

GDPR

In progress

Occlo is built around GDPR principles. We are actively working toward full GDPR compliance and treat it as a baseline, not a checkbox — as a company that exists to protect personal privacy, nothing less is acceptable.

Your rights under GDPR

As a data subject under GDPR, you have the following rights with respect to your personal data.

Right of access

You can request a full export of all personal data Occlo holds about you at any time from Settings → Data Export.

Right to rectification

If any data we hold is inaccurate, you can update it directly in your account settings or contact us at privacy@occlo.ai.

Right to erasure

You can permanently delete your account and all associated data from Settings → Account → Delete Account. Deletion is irreversible and completes within 30 days.

Right to data portability

Your data export is provided in a machine-readable JSON format so you can transfer it to another service.

Right to restrict processing

You can pause scans and remove surveillance identifiers at any time from your account settings without deleting your account.

Right to object

You can object to processing at any time by contacting privacy@occlo.ai. We will stop processing within 30 days and provide a written response.

Legal bases for processing

We process personal data only when we have a valid legal basis to do so.

Contractual necessity

Running scans, submitting opt-out requests, and managing your subscription.

Legitimate interests

Security monitoring, fraud prevention, and improving the accuracy of scan results.

Consent

Marketing communications (you can withdraw consent at any time from your notification settings).

Legal obligation

Complying with applicable laws and responding to valid legal requests.

International data transfers

Occlo stores data within the EU. Where sub-processors are located outside the EEA (e.g. Stripe for payment processing, OpenAI for the assistant), transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Processing Agreement

If you are using Occlo as a data controller and require a signed Data Processing Agreement (DPA), please see our DPA or contact us at privacy@occlo.ai.

View DPA →

Contact our privacy team

For any GDPR-related requests or questions, email privacy@occlo.ai. We respond to verified requests within 30 days as required by GDPR.