GDPR Compliance

Gatekeeper.io is committed to protecting the privacy rights of individuals under the General Data Protection Regulation (GDPR).

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that affects organizations processing personal data of individuals in the European Union. At Gatekeeper.io, we have implemented measures to ensure full compliance with GDPR requirements.

Whether you are a customer based in the EU or processing data of EU residents, Gatekeeper provides the tools and safeguards you need to maintain compliance.

Data Subject Rights

We support all rights granted to individuals under GDPR:

Right to Access
Request a copy of all personal data we hold about you or your visitors.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of personal data when it is no longer necessary.
Right to Restrict Processing
Request limitation of how we process your personal data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing of your personal data in certain circumstances.

How Gatekeeper Helps You Comply

Data Processing Agreement

We provide a comprehensive Data Processing Agreement (DPA) that outlines our obligations as a data processor, including security measures, sub-processor management, and data breach notification procedures.

Lawful Basis Support

Gatekeeper helps you establish and document lawful bases for processing visitor data, whether through consent, legitimate interests, or contractual necessity. Our customizable consent workflows ensure proper documentation.

Data Minimization

Configure your check-in flows to collect only the data you need. Our flexible form builder lets you determine exactly what information to collect for different visitor types.

Retention Controls

Set automatic data retention policies to ensure visitor data is not kept longer than necessary. Configure different retention periods for different types of visits and receive notifications before data is deleted.

Data Export

Export visitor data in machine-readable formats (CSV, JSON) to fulfill data portability requests. Generate comprehensive reports of all data associated with a specific individual.

Right to Erasure

Easily delete visitor records to comply with erasure requests. Our system maintains audit logs of deletions for your compliance documentation while fully removing the personal data itself.

Technical & Organizational Measures

GDPR Article 32 requires appropriate security measures. Gatekeeper implements:

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Pseudonymization: Support for anonymizing historical visitor data
  • Access Controls: Role-based access with principle of least privilege
  • Availability: 99.9% uptime SLA with automated failover
  • Audit Logging: Comprehensive logs of all data access and modifications
  • Regular Testing: Penetration testing and security assessments
  • Incident Response: Documented procedures with 72-hour breach notification

Sub-processors

We use a limited number of sub-processors to provide our services. All sub-processors are bound by data processing agreements and maintain appropriate security certifications.

  • Cloud Infrastructure: Hosting and data storage (United States / EU)
  • Payment Processing: Subscription billing (United States)
  • Email Services: Transactional emails (United States)

A complete list of sub-processors is available in our Data Processing Agreement. We notify customers before adding new sub-processors.

Data Protection Officer

For GDPR-related inquiries or to exercise your data subject rights, please contact our Data Protection Officer.

Email: dpo@gatekeeper.io

Address: 123 Security Lane, Atlanta, GA 30301