← Back to home

GDPR Policy

1. Data Controller

Etyde acts as the data controller for personal data processed through the platform. For questions about data processing, contact us at privacy@etyde.com.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance (Article 6(1)(b)): Processing your account data, practice sessions, uploaded files, and messages is necessary to provide the Etyde service as agreed when you create an account.
  • Legitimate interest (Article 6(1)(f)): Collecting anonymous, aggregated usage analytics to improve the platform and displaying aggregated platform statistics. These interests are balanced against your rights by ensuring no personally identifiable information is used.
  • Consent (Article 6(1)(a)): Where we send optional communications such as practice reminders, you can configure your notification preferences at any time from your account settings.

3. Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15): You can request a copy of all personal data we hold about you.
  • Right to rectification (Article 16): You can update your profile information at any time through your account settings, or request corrections to other data.
  • Right to erasure (Article 17): You can delete your account and all associated data at any time from your account settings. This permanently removes your profile, practice sessions, uploaded files, messages, and all other personal data.
  • Right to data portability (Article 20): You can request an export of your personal data in a structured, machine-readable format.
  • Right to restriction (Article 18): You can request that we restrict processing of your data in certain circumstances while we verify your concerns.
  • Right to object (Article 21): You can object to processing based on legitimate interests. You can also disable specific notification types from your account settings.

4. How to Exercise Your Rights

You can exercise your rights in two ways:

  • Self-service: Account deletion, profile updates, and notification preferences are available directly in your account settings.
  • Contact us: For data access requests, data portability, restriction of processing, or any other request, email privacy@etyde.com. We will respond within 30 days.

5. Data Protection Officer

For data protection inquiries, you can reach our data protection contact at dpo@etyde.com.

6. Cross-Border Data Transfers

Etyde operates on self-hosted infrastructure. Your data is stored and processed on servers under our direct control. If our infrastructure is located within the European Economic Area (EEA), no cross-border transfers occur. Should we need to transfer data outside the EEA in the future, we will implement appropriate safeguards such as Standard Contractual Clauses and update this policy accordingly.

7. Automated Decision-Making

Etyde does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. The platform does not employ AI-based assessment, scoring, or automated grading of practice performance. All evaluations and reflections are provided by human teachers.

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

Last updated: March 2026