GDPR Compliance

    InCard is fully committed to protecting your privacy rights under the General Data Protection Regulation (GDPR).

    ✓ GDPR Compliant
    ✓ Privacy by Design
    ✓ Data Protection Officer

    Our GDPR Commitment

    As a unified agentic AI platform serving European users, InCard implements comprehensive GDPR compliance measures to ensure your personal data is protected according to the highest European privacy standards.

    Lawful Processing

    We process personal data only with a valid legal basis, including consent, contract fulfillment, and legitimate interests.

    Transparency

    Clear information about data collection, processing purposes, and your rights is provided in plain language.

    Data Minimization

    We collect only personal data that is necessary for our specified, legitimate purposes.

    Accuracy

    Personal data is kept accurate and up-to-date, with mechanisms for correction and updates.

    Storage Limitation

    Personal data is retained only as long as necessary for the purposes for which it was collected.

    Accountability

    We demonstrate compliance through documentation, policies, and regular privacy impact assessments.

    Your GDPR Rights

    Access and Portability

    • Right to Access: Request a copy of your personal data in a structured, machine-readable format
    • Data Portability: Transfer your data to another service provider

    Control and Correction

    • Right to Rectification: Correct inaccurate or incomplete personal data
    • Right to Restrict: Limit how we process your personal data

    Consent and Objection

    • Right to Object: Object to processing based on legitimate interests or direct marketing
    • Withdraw Consent: Withdraw consent for processing at any time

    Deletion and Complaints

    • Right to Erasure: Request deletion of your personal data ('right to be forgotten')
    • Lodge Complaints: File complaints with supervisory authorities

    Technical and Organizational Measures

    Technical Safeguards

    • End-to-end encryption for data transmission
    • Encrypted data storage with access logging
    • Multi-factor authentication and access controls
    • Regular security testing and vulnerability assessments

    Organizational Policies

    • Dedicated Data Protection Officer (DPO)
    • Regular staff training on data protection
    • Data processing agreements with third parties
    • Privacy impact assessments for new features

    International Data Transfers

    When transferring personal data outside the EU/EEA, we ensure adequate protection through:

    Adequacy Decisions

    Transfers to countries with approved data protection frameworks

    Standard Contractual Clauses

    EU Commission-approved contracts ensuring GDPR-level protection

    Additional Safeguards

    Supplementary measures including encryption and access controls

    How to Exercise Your GDPR Rights

    Contact Our DPO

    Email: dpo@incard.biz

    Response Time: Within 30 days

    Verification: Identity verification required

    Language: English or Vietnamese

    Supervisory Authorities

    EU Users: Contact your local data protection authority

    Lead Authority: Irish Data Protection Commission (for EU operations)

    Australian Users: Office of the Australian Information Commissioner

    Vietnamese Users: Ministry of Information and Communications

    Our Privacy Commitment

    InCard is committed to maintaining the highest standards of data protection. We continuously monitor regulatory developments and update our practices to ensure ongoing GDPR compliance.