How we comply with the General Data Protection Regulation and your rights as a data subject.
// Your GDPR rights at a glance
📋 Right of Access
Request a copy of all personal data we hold about you.
✏️ Right to Rectification
Request correction of any inaccurate or incomplete data.
🗑️ Right to Erasure
Request deletion of your personal data ("right to be forgotten").
⏸️ Right to Restriction
Request that we limit how we process your data.
📦 Right to Portability
Receive your data in a structured, machine-readable format.
🚫 Right to Object
Object to processing based on legitimate interests.
↩️ Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
🤖 Automated Decisions
We do not use automated decision-making or profiling.
// To exercise any right: info@deleak.co · We respond within 30 days
The General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — is the primary legal framework governing the processing of personal data of individuals within the European Union and European Economic Area.
Deleak.co, operating the LeakProtection service, is committed to full compliance with the GDPR. This document provides detailed information about how we process your personal data, the legal bases for our processing activities, and how you can exercise your rights.
Under GDPR, the Data Controller is the entity that determines the purposes and means of processing personal data. For all processing activities related to the LeakProtection service and the Deleak.co website:
We do not currently have a designated Data Protection Officer (DPO), as we do not conduct large-scale systematic processing of special category data. All data protection requests are handled directly by the Data Controller.
We process only the personal data that you voluntarily provide to us. The categories of personal data we may collect include:
| Data Category | Examples | Legal Basis | Retention |
|---|---|---|---|
| Identity data | First name, last name | Consent (Art. 6(1)(a)) | 12 months |
| Contact data | Email address, phone number (optional) | Consent (Art. 6(1)(a)) | 12 months |
| Course / content data | Course name or URL submitted for scanning | Consent (Art. 6(1)(a)) | 12 months |
| Communication data | Messages sent via contact form | Consent (Art. 6(1)(a)) | 12 months |
| Contract data | Subscription details (paid clients) | Contract (Art. 6(1)(b)) | 6 years (legal) |
We do not process special categories of personal data (Art. 9 GDPR), such as health data, racial or ethnic origin, political opinions, religious beliefs, biometric data, or data relating to criminal convictions.
Under GDPR, every processing activity must have a valid legal basis. We rely on the following legal bases:
The primary legal basis for processing personal data submitted via our Free Leak Scan form and contact forms is your explicit, freely given consent. You provide consent by:
You have the right to withdraw this consent at any time by contacting us at info@deleak.co. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Where you have entered into a paid subscription agreement with us, we process the minimum necessary personal data to perform that contract — including delivering the agreed service and communicating with you about it.
We may retain certain data where required by applicable law — for example, retaining financial transaction records for tax and accounting purposes as required by applicable national law.
As a data subject located in the EEA or UK, you have the following rights under Articles 15–22 of the GDPR:
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with supplementary information about how it is processed. We will respond to access requests within 30 days.
If the personal data we hold about you is inaccurate or incomplete, you have the right to request correction without undue delay.
Also known as the "right to be forgotten." You may request the deletion of your personal data when:
Erasure may be refused where retention is required by law (e.g. tax records) or for the establishment, exercise, or defence of legal claims.
You may request that we restrict the processing of your personal data — meaning we store it but do not actively process it — in the following circumstances:
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g. JSON or CSV), and to transmit it to another controller.
You have the right to object at any time to the processing of your personal data where that processing is based on legitimate interests (Art. 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
We do not use automated decision-making processes, including profiling, that produce legal or similarly significant effects on individuals. This right is therefore not applicable to our current processing activities.
To exercise any of your GDPR rights, please contact us by email at info@deleak.co with the subject line "GDPR Rights Request". Please include:
We will acknowledge your request within 72 hours and provide a substantive response within 30 days. In complex cases, this period may be extended by a further two months — we will notify you if this is the case.
We will not charge a fee for processing legitimate requests unless they are manifestly unfounded or excessive. We may request proof of identity before fulfilling your request to protect the security of your data.
We process and store personal data primarily within the European Economic Area. Any email communications are processed via our mail server hosted at mail.deleak.co.
The third-party service we use — Google Fonts — loads resources from Google's servers, which may involve data transfers to the United States. Google LLC participates in the EU-U.S. Data Privacy Framework and provides appropriate safeguards under Art. 46 GDPR.
We do not transfer your personal data to any other third countries or international organisations.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 GDPR. These include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (Art. 33 GDPR), and will notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights (Art. 34 GDPR).
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular, in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
You can find your national Data Protection Authority through the European Data Protection Board:
We would, however, appreciate the opportunity to address your concerns before you approach the supervisory authority. Please contact us first at info@deleak.co.
We may update this GDPR compliance document from time to time to reflect changes in our processing activities, applicable law, or regulatory guidance. The "Last updated" date at the top indicates when this document was last revised. We encourage you to review this page periodically.
For all GDPR-related enquiries, rights requests, or data protection concerns:
We are committed to responding to all data protection requests promptly and transparently.