GDPR Compliance

Last updated: February 22, 2026

OTLDR is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines how we protect the rights of EU residents and handle personal data in accordance with GDPR requirements.

Legal Basis for Processing

We process personal data based on: contractual necessity (providing the service), legitimate interest (improving the service and security), and consent (optional analytics and communications). You can withdraw consent at any time.

Your Rights Under GDPR

As an EU resident, you have the right to: access your personal data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, object to processing, and not be subject to automated decision-making. To exercise these rights, contact us at privacy@otldr.com.

International Data Transfers

When AI summarization is used, your conversation content may be processed by third-party AI services on our behalf. These transfers are governed by our data processing agreements with AI providers. OTLDR's infrastructure processes data in compliance with GDPR requirements.

Data Retention

We retain your data only as long as your account is active and necessary to provide the service. Upon account deletion, all personal data is removed within 30 days. Backup data is purged within 90 days. We do not retain conversation content beyond what is necessary for the service.

Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR Article 33. We maintain incident response procedures to minimize impact and ensure transparency.

Data Protection Officer

For GDPR-related inquiries, please contact our data protection team at dpo@otldr.com. We are committed to resolving any concerns about how we handle your personal data.