GDPR & your data rights

Last updated: June 2025

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, this page explains your rights under the General Data Protection Regulation (GDPR) and how to exercise them.

At a glance

  • We process data lawfully — consent, contract, or legitimate interest only.
  • You can access, export, correct, or delete your data at any time.
  • We use EU-friendly processors (Supabase, Vercel) with Standard Contractual Clauses where needed.
  • We do not sell personal data or use it for cross-site advertising.
  • Data breach notification within 72 hours where legally required.

1. Data controller

TryTokka is the data controller for personal data collected through trytokka.com and the TryTokka application. Contact our privacy team at privacy@trytokka.com for GDPR-related requests.

2. Lawful bases for processing

  • Contract — account creation, spend monitoring, alerts you configure.
  • Legitimate interest — fraud prevention, rate limiting, service security.
  • Consent — optional marketing emails (you can withdraw anytime).
  • Legal obligation — tax/billing records where applicable.

3. Your GDPR rights

You have the right to:

  • Access — request a copy of personal data we hold about you.
  • Rectification — correct inaccurate data (e.g. alert email in Settings).
  • Erasure — delete your account and all associated data (Settings → Account).
  • Portability — export usage data as CSV (Settings → Export).
  • Restriction — ask us to limit processing in certain circumstances.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is consent-based.

To exercise any right, email privacy@trytokka.com from your registered address. We respond within 30 days.

4. International transfers

TryTokka may process data in the United States and other regions where our infrastructure providers operate. We rely on Standard Contractual Clauses (SCCs) and processor agreements that meet GDPR requirements. See our Privacy Policy for subprocessors.

5. Data retention

Account data is retained while your account is active. After deletion, we purge personal data within 30 days except where law requires longer retention (e.g. billing records).

6. Supervisory authority

You may lodge a complaint with your local data protection authority if you believe we have not handled your data correctly. We encourage you to contact us first so we can resolve your concern.