GDPR Compliance

    Last updated:

    1. Introduction

    Pwdly is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we process, protect, and respect your rights regarding your personal data.

    2. Data Controller

    The data controller responsible for your personal data is Pwdly. For any questions, contact us at privacy@pwdly.app.

    3. What Data We Collect

    • Email address, name (if provided), and authentication data (password hash for login only).
    • Project metadata (names, membership lists, timestamps).
    • Public keys (for encryption purposes).
    • Encrypted secrets and non-sensitive metadata.
    • Usage logs, error reports, and anonymized analytics.

    4. Lawful Bases for Processing

    • Consent: For account creation and service use.
    • Contract: To provide and operate the service.
    • Legal obligation: For compliance with applicable laws.
    • Legitimate interests: To improve and secure the service.

    5. Data Subject Rights

    • Access: You can request a copy of your personal data.
    • Rectification: You can correct inaccurate data.
    • Erasure: You can request deletion of your data.
    • Restriction: You can restrict processing in certain cases.
    • Portability: You can request your data in a portable format.
    • Objection: You can object to certain processing activities.

    To exercise your rights, contact us at privacy@pwdly.app.

    6. Data Security

    • Client-side end-to-end encryption for secrets and credentials.
    • Server-side encryption for defense in depth.
    • Access controls, logging, and regular audits.

    No online system is 100% secure. We minimize risk but cannot guarantee absolute security.

    7. Data Retention & Deletion

    • Encrypted data and public keys are retained until deleted by you or your account is removed.
    • Backups are encrypted and cycled according to our retention policy.
    • Data may be retained for legal compliance, but remains encrypted.

    8. International Transfers

    Data may be processed outside your country. We ensure appropriate safeguards for international transfers as required by GDPR.

    9. Third Parties

    We use trusted third-party providers (hosting, analytics, email delivery) who process data on our behalf under strict contractual obligations.

    10. Changes to This Notice

    We may update this GDPR page from time to time. Material changes will be communicated via the app or email.

    11. Contact

    For GDPR-related questions or requests, contact us at privacy@pwdly.app.