Regulatory
GDPR & Compliance
Plain-English summary of the regulations DRIVUNO operates under, what we already do, and what we're working toward.
Status today
GDPR (EU 2016/679)
DRIVUNO is built as a data processor in GDPR terms. The architecture makes data minimization the default. Data Processing Agreement available at /dpa.
Swiss FADP
Coverage equivalent to GDPR for Swiss data subjects.
UK GDPR + DPA 2018
Same processing standards applied to UK data subjects.
ePrivacy
We use no advertising cookies. Analytics are cookieless and privacy-preserving.
Your rights as a data subject
- Access — request a copy of your data via the GDPR export in your account settings.
- Rectification — update your profile and settings at any time.
- Erasure — request account deletion (30-day grace, then irreversible cryptographic erasure).
- Restriction — pause processing by deactivating sharing and disabling automation.
- Portability — the GDPR export delivers your data in a machine-readable format with a manifest.
- Objection — opt out of any non-essential processing.
- Withdraw consent — revoke optional channels (SMS, email recovery) without affecting your account.
Lawful bases we rely on
- Contract — to deliver the service you signed up for.
- Legal obligation — for billing records, tax, and disclosure requirements.
- Legitimate interest — for security event logging and abuse prevention.
- Consent — for optional channels (recovery email/SMS) and product communications.
International transfers
EU customer data is processed in the EU by default. Where a subprocessor operates outside the EU, transfers are governed by Standard Contractual Clauses with supplementary measures (encryption-at-rest, encryption-in-transit, and — critically — the client-side encryption that means no transferred bytes are readable plaintext).
Compliance roadmap
In progress
SOC 2 Type I readiness assessment · ISO 27001 gap analysis · external cryptography review.
Planned
SOC 2 Type II · ISO 27001 certification · regional data-residency commitments (Japan, APAC) · HIPAA BAA for Business plans on request.
Contact our Data Protection Officer: dpo@drivuno.com. See /privacy, /dpa, and /gdpr for the full policy text.