← Back to Home

GDPR Compliance

Last Updated: March 8, 2026

1. Data Controller

Controller: CIS-DAPP
Data Protection Officer: privacy@cis-dapp.com

2. Legal Basis for Processing

We process personal data based on:

• Consent: When you opt-in to our services
• Contract: To fulfill our service agreement
• Legitimate Interest: For service improvement and security
• Legal Obligation: When required by law

3. Your GDPR Rights

Right to Access (Article 15)

You have the right to request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

Right to Erasure (Article 17) — "Right to be Forgotten"

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your data.

Right to Data Portability (Article 20)

You can request your data in a machine-readable format to transfer to another service.

Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing.

4. Data Retention

We retain personal data only as long as necessary:

• Active accounts: Duration of service + 1 year
• Inactive accounts: 2 years after last activity
• Payment records: 10 years (legal requirement)

5. Data Transfers

We do not sell your data. Data is only shared with:

• Service providers (under data processing agreements)
• Legal authorities (when legally required)

6. Data Breach Notification

In the event of a data breach, we will notify affected users within 72 hours and report to supervisory authorities as required.

7. Exercising Your Rights

To exercise any of your GDPR rights, contact our Data Protection Officer:

Email: privacy@cis-dapp.com
Response Time: Within 30 days

8. Complaints

If you believe we have not handled your data properly, you have the right to complain to the supervisory authority:

CNIL (France)
Website: www.cnil.fr