GDPR Compliance
Histeeria is fully committed to compliance with the General Data Protection Regulation (GDPR) for our users in the European Economic Area (EEA). We respect your rights to data privacy and sovereignty.
1. Data Controller & Processor
Histeeria acts as the Data Controller for your account information (email, username). Regarding your private encrypted messages, Histeeria acts as a Data Processor, storing encrypted blobs on your behalf without the ability to access the underlying content.
2. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contractual Necessity: To provide the messaging and social networking services you requested.
- Legitimate Interest: To ensure the security and stability of our platform.
- Consent: For any optional features where you explicitly grant permission.
3. Your GDPR Rights
Under GDPR, you have the following rights:
3.1 Right to Access
You may request a copy of all personal data we hold about you. You can export your data directly from the app settings.
3.2 Right to Rectification
You can correct any inaccurate personal data (e.g., display name, bio) directly within the application.
3.3 Right to Erasure ("Right to be Forgotten")
You may delete your account at any time. Upon deletion, your cryptographic keys are discarded, and your encrypted data is removed from our servers, rendering it permanently inaccessible.
3.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
4. International Data Transfers
Your data may be processed on servers located outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our infrastructure providers, to protect your privacy rights.
5. Data Protection Officer (DPO)
If you have questions about your rights or wish to exercise them, please contact our Data Protection Officer at dpo@histeeria.com.