GDPR Compliance

SpendSight is committed to operational transparency and the protection of individual privacy rights under the EU General Data Protection Regulation.

Role

Data Processor

Data Residency

AWS EU-West

DPO

privacy@getspendsight.com

Data Subject Rights

Right to Access

Request a full export of all personal data stored within SpendSight.

Right to Erasure

Request account deletion and permanent wiping of PII from all logs.

Right to Rectification

Correction of inaccurate user profile or identity data.

Right to Object

Object to automated processing for benchmarking (Opt-out available).

Data Processing Inventory

We maintain a comprehensive Record of Processing Activities (ROPA). The primary data categories processed include Identity Data (User profiles) and Transactional Data (Spend history).

DPA (Data Processing Agreement) available for Enterprise clients.

Standard Contractual Clauses (SCCs) for cross-border transfers.

Request DPA / Data Export