GDPR Compliant — 100% data in EU

GDPR Compliance

Last update: November 2024

Why RepliQ is GDPR-compliant by design

Unlike traditional cloud solutions, RepliQ is built with privacy by design. This means:

  • Your documents and conversation data are stored exclusively in the EU (Germany — Hetzner);
  • Data is isolated per client — no cross-tenant access is possible;
  • Your documents (knowledge base) are stored in Qdrant, on our dedicated EU infrastructure;
  • You control who has access to data and for how long it is stored.

Roles in the processing relationship

You (the RepliQ client) = Data Controller

You are responsible for your end users' data (the people who chat with the bot). You decide the purposes and means of processing.

Digital Beauty SRL = Data Processor

We provide the software platform. We process your end users' data only to the extent necessary to provide technical support and only according to your instructions. The relationship is formalized through a Data Processing Agreement (DPA), available on request.

Technical and organizational measures

  • Encryption in transit: all communications are encrypted via TLS 1.2+;
  • Client isolation: every client has a separate Qdrant collection and isolated database;
  • Authentication: API keys hashed with SHA-256, JWT with expiration, passwords hashed with bcrypt;
  • Minimum access: least-privilege principle applied at the role level;
  • Audit log: all administrative actions are recorded with timestamp and user;
  • EU Infrastructure: Hetzner servers, Frankfurt, Germany — inside the EU.

What data we process about your end users

Conversation content and documents remain on our EU infrastructure and are isolated per client. Digital Beauty SRL does not use your data for AI training or share it with third parties.

Exception: in case of a technical incident for which you request support, you can choose to send us log fragments. In this case, processing is done strictly based on your instructions and exclusively to solve the problem.

Data Processing Agreement (DPA)

If your organization needs a formal DPA (required in B2B relations according to art. 28 GDPR), we provide it on request. Send an email to contact@digitalbeauty.ro with the subject "DPA Request".

Data subject rights

As the data controller for your end users, you are responsible for handling their requests (access, deletion, portability). The RepliQ platform provides the necessary tools:

  • Export conversations per user from the Admin Panel;
  • Manual deletion of individual or bulk conversations;
  • Data retention control — you configure how long conversations are kept.

Security breach notification

In the event of any security incident that could affect personal data, Digital Beauty SRL will notify you within 72 hours of identifying the incident, according to art. 33 GDPR.

DPO Contact

We are not legally required to appoint a DPO, but for any data protection questions, contact us at contact@digitalbeauty.ro.

The competent supervisory authority for Romania is ANSPDCP (National Supervisory Authority for Personal Data Processing).