GDPR Compliance

Bacuti, Inc. (“we,” “us,” “our”), as data controller, is committed to protecting the privacy and security of personal data collected through www.bacuti.com and our mobile applications in accordance with the EU General Data Protection Regulation (GDPR). By using our services, you consent to the processing of your personal data as described herein.

Lawful Bases for Processing
We rely on the following legal grounds to process personal data:
• Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
• Contractual Necessity: Processing is required to perform our contract with you (e.g., to provide our SaaS platform and support).
• Legal Obligation: Processing is necessary to comply with legal obligations (e.g., tax and accounting requirements).
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., fraud prevention, improving user experience) provided your rights do not override those interests.

Data Subject Rights
Under GDPR, you have the right to:
• Access – request a copy of personal data we hold about you.
• Rectification – have inaccurate or incomplete data corrected.
• Erasure (“right to be forgotten”) – request deletion of personal data when there is no lawful basis to retain it.
• Restriction of Processing – request suspension of processing under certain circumstances.
• Data Portability – receive your personal data in a structured, machine-readable format.
• Objection – object to processing based on legitimate interests or direct marketing.
• Withdraw Consent – withdraw consent at any time for processing based on consent, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, email us at privacy@bacuti.com or write to Data Protection Officer, Bacuti, Inc., 108 W. 13th Street, Suite 100, Wilmington, DE 19801. We will respond within one month of your request.

Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

International Transfers
Your personal data may be transferred to and processed in the US and other countries where our service providers operate. We implement appropriate safeguards, such as Standard Contractual Clauses, to ensure adequate protection of your data.
Data Security

We maintain administrative, technical, and physical safeguards to protect personal data against unauthorized access, disclosure, alteration, and destruction.

Complaints
If you believe our processing infringes GDPR, you have the right to lodge a complaint with a supervisory authority in your EU member state.

Changes to This Statement
We may update this GDPR Compliance statement. The “Last Updated” date indicates the most recent revision. Continued use of our services after changes are posted constitutes your acceptance.