Legal

GDPR Compliance

How Declario protects your data and respects your privacy under EU regulations.

Last updated: April 10, 2026

Our Commitment to GDPR

As a European company based in Poland, GDPR compliance is built into the foundation of Declario — not bolted on as an afterthought. We are committed to protecting the personal data of our users and their clients.

How We Comply

Lawful Processing

We process data based on clear legal grounds: contract performance, legitimate interest, and explicit consent where required.

Data Minimization

We only collect data necessary to provide the service. Proposal tracking uses hashed IPs — we never store raw IP addresses.

Encryption & Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Row-level security ensures complete workspace isolation.

Right to Be Forgotten

You can delete your account and all associated data at any time. We process deletion requests within 30 days.

Data Portability

Export your proposals, client data, and analytics at any time. Your data belongs to you.

Breach Notification

In the event of a data breach, we notify affected parties within 48 hours as required by GDPR Article 33.

Your Rights Under GDPR

As a data subject, you have the right to:

  • Access your personal dataArticle 15
  • Rectify inaccurate dataArticle 16
  • Erase your dataArticle 17
  • Restrict processingArticle 18
  • Data portabilityArticle 20
  • Object to processingArticle 21
  • Not be subject to automated decision-makingArticle 22

To exercise any of these rights, contact us at hello@declario.app.

Tracking & Analytics Compliance

When your clients view proposals, Declario tracks engagement for your benefit. Here’s how we do it responsibly:

  • IP addresses are hashed using SHA-256 before storage — we never store raw IPs
  • No advertising cookies or third-party trackers
  • Tracking data is automatically purged after 2 years
  • Proposal recipients are not required to create accounts or accept cookies
  • All tracking is first-party and necessary for the service’s core functionality

Sub-processors

Third-party services we rely on to deliver Declario.

Sub-processorPurposeLocation
Supabase Inc.Database & AuthEU
Vercel Inc.HostingGlobal (EU edge)
Paddle.comPaymentsUK/EU
Resend Inc.EmailUS (SCCs in place)
Anthropic PBCAI Content GenerationUS (SCCs in place)

Documentation

Privacy PolicyTerms of ServiceData Processing AgreementRefund Policy

Questions about GDPR?

Our team is happy to answer any questions about how we handle your data and ensure compliance.

Contact Ushello@declario.app