Regulatory

GDPR & Compliance

Plain-English summary of the regulations DRIVUNO operates under, what we already do, and what we're working toward.

Status today

GDPR (EU 2016/679)
DRIVUNO is built as a data processor in GDPR terms. The architecture makes data minimization the default. Data Processing Agreement available at /dpa.
Swiss FADP
Coverage equivalent to GDPR for Swiss data subjects.
UK GDPR + DPA 2018
Same processing standards applied to UK data subjects.
ePrivacy
We use no advertising cookies. Analytics are cookieless and privacy-preserving.

Your rights as a data subject

  • Access — request a copy of your data via the GDPR export in your account settings.
  • Rectification — update your profile and settings at any time.
  • Erasure — request account deletion (30-day grace, then irreversible cryptographic erasure).
  • Restriction — pause processing by deactivating sharing and disabling automation.
  • Portability — the GDPR export delivers your data in a machine-readable format with a manifest.
  • Objection — opt out of any non-essential processing.
  • Withdraw consent — revoke optional channels (SMS, email recovery) without affecting your account.

Lawful bases we rely on

  • Contract — to deliver the service you signed up for.
  • Legal obligation — for billing records, tax, and disclosure requirements.
  • Legitimate interest — for security event logging and abuse prevention.
  • Consent — for optional channels (recovery email/SMS) and product communications.

International transfers

EU customer data is processed in the EU by default. Where a subprocessor operates outside the EU, transfers are governed by Standard Contractual Clauses with supplementary measures (encryption-at-rest, encryption-in-transit, and — critically — the client-side encryption that means no transferred bytes are readable plaintext).

Compliance roadmap

In progress
SOC 2 Type I readiness assessment · ISO 27001 gap analysis · external cryptography review.
Planned
SOC 2 Type II · ISO 27001 certification · regional data-residency commitments (Japan, APAC) · HIPAA BAA for Business plans on request.

Contact our Data Protection Officer: dpo@drivuno.com. See /privacy, /dpa, and /gdpr for the full policy text.

Encrypted on your device · upload in 1 click
Upload