GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all companies processing the personal data of individuals residing in the European Union, regardless of where the company is located.

GDPR strengthens data protection rights and gives individuals more control over their personal information. As a company that may process data of EU residents, Thyonix is fully compliant with GDPR requirements.

How Thyonix Complies with GDPR

Lawful Basis for Processing

We process your personal data based on the following lawful grounds:

Contractual Necessity: To provide our service as outlined in our Terms of Service
Legitimate Interest: To improve our service, prevent fraud, and ensure security
Consent: For marketing communications (which you can opt out of at any time)
Legal Obligation: To comply with laws, regulations, and legal processes

Data Minimization

We only collect and process personal data that is necessary to provide our service. We do not collect excessive or irrelevant information.

Transparency

Our Privacy Policy clearly explains what data we collect, how we use it, who we share it with, and how long we retain it. We are committed to clear, plain language communication about data practices.

Security Measures

We implement appropriate technical and organizational measures to protect personal data:

Encryption in transit (TLS 1.3) and at rest for sensitive data
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection

Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

1. Right to Access (Article 15)

You have the right to request a copy of all personal data we hold about you. This includes:

Account information (name, email, company)
Lead data you've collected through Thyonix
Campaign history and analytics
AI-generated websites you've created

How to exercise: Email us at privacy@thyonix.io with your request. We will respond within 30 days.

2. Right to Rectification (Article 16)

You can update your personal information directly in your account settings. For data you cannot update yourself, contact us at privacy@thyonix.io.

3. Right to Erasure (Article 17)

You have the "right to be forgotten" — you can request deletion of your personal data when:

The data is no longer necessary for the purposes it was collected
You withdraw consent (where consent was the lawful basis)
You object to processing and there are no overriding legitimate grounds
The data was unlawfully processed

How to exercise: You can delete your account directly in Settings → Account → Delete Account. Alternatively, email privacy@thyonix.io. We will delete your data within 30 days.

4. Right to Restriction of Processing (Article 18)

You can request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV). You can also request that we transmit this data directly to another service provider.

6. Right to Object (Article 21)

You can object to processing of your personal data when:

Processing is based on legitimate interests
Processing is for direct marketing purposes (you can opt out anytime)
Processing is for scientific or historical research purposes

7. Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. While Thyonix uses AI to generate websites, all final decisions are made by human users.

Data Processing Activities

Personal Data We Collect

Data Category	Purpose	Legal Basis
Account data (name, email)	Provide service, authentication	Contract
Payment information	Process payments	Contract
Usage data (clicks, views)	Improve service, analytics	Legitimate interest
Marketing preferences	Send product updates	Consent

International Data Transfers

Thyonix is based in the United States. When EU residents use our service, their personal data is transferred to and processed in the United States. We ensure such transfers comply with GDPR through:

Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers
Adequate Security: We implement technical and organizational measures equivalent to EU standards
Your Rights: You retain all GDPR rights regardless of where data is processed

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Notify affected users without undue delay if the breach is likely to result in high risk
Provide information about the nature of the breach, its likely consequences, and measures taken

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Data Protection Officer

Email: dpo@thyonix.io

Thyonix LLC

Supervisory Authority

If you are not satisfied with our response to your GDPR request, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your supervisory authority at:

European Data Protection Board - List of Supervisory Authorities

Exercise Your GDPR Rights

To exercise any of your GDPR rights, please contact us:

Privacy Requests

Email: privacy@thyonix.io

Please include "GDPR Request" in the subject line and provide details of your request. We will respond within 30 days as required by law.