Legal Reference
GDPR Compliance
Last Updated
March 24, 2026
"This document describes how EziBreezy collects, uses, processes, stores, and discloses personal data in accordance with the General Data Protection Regulation (GDPR)."
Data Controller
EziBreezy is committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") when handling personal data of residents in the European Union and European Economic Area.
EziBreezy acts as the Data Controller, determining how and why personal data is processed. This policy applies to all EU/EEA residents who use our social media scheduling and content management platform.
Legal Basis for Processing
Consent
Where you have given explicit consent, such as opting in to marketing communications or authorizing a third-party integration (e.g., connecting a social media account).
Contractual Necessity
Processing required to fulfil our obligations under the Terms of Service, including account management, subscription processing, and scheduling and publishing content on your behalf.
Legal Obligation
Where processing is necessary to comply with financial regulations, tax obligations, or valid law-enforcement requests.
Legitimate Interests
Where processing supports our legitimate business interests, such as improving the service, preventing fraud, and maintaining network security, balanced against your rights and freedoms.
Your GDPR Rights
As an EU/EEA resident, you have the following rights under GDPR. We will respond to requests within one month or sooner where feasible.
- Be Informed
You have the right to know how your personal data is collected, used, and shared.
- Access
You can request a copy of the personal data we hold about you.
- Rectification
You can ask us to correct inaccurate or incomplete data.
- Erasure
You can request deletion of your personal data ("Right to be Forgotten") where there is no compelling reason for continued processing.
- Restrict Processing
You can ask us to limit how we use your data in certain circumstances.
- Data Portability
You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.
- Object
You can object to processing based on legitimate interests or for direct marketing purposes.
- Automated Decisions
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
International Data Transfers
EziBreezy may transfer personal data to countries outside the EU/EEA where our infrastructure and service providers operate. When we do, we ensure adequate safeguards are in place:
Standard Contractual Clauses
European Commission-approved SCCs are used for transfers to countries without an adequacy decision.
Adequacy Decisions
Where the European Commission has determined that a country provides an adequate level of data protection.
Provider Safeguards
Our service providers, including Railway, Vercel, Cloudflare, Stripe, PostHog, Resend, and Sentry, maintain their own GDPR-compliant data processing agreements and transfer mechanisms.
Retention & Security
Data Retention
We retain personal data only as long as necessary for the purposes described in our Privacy Policy and to comply with legal obligations.
Upon account deletion, all personal data is removed from our live databases within 30 days. Server logs may be retained for up to 90 days for security auditing before permanent deletion.
Security Measures
We implement appropriate technical and organizational measures to protect your data, including AES-256-GCM encryption for OAuth tokens at rest, TLS for data in transit, and role-based access controls for our internal systems.
Complaints & Contact
If you believe we have processed your personal data in violation of your GDPR rights, we encourage you to contact us first so we can resolve the issue directly:
Data Protection Officer: support@ezibreezy.com
You also have the right to lodge a complaint with the supervisory authority in the EU/EEA Member State where you reside, where you work, or where the alleged infringement occurred.