GDPR Compliance

Last updated: June 30, 2025

Streak.dev is committed to processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page outlines our key practices.

1. Data Controller & Processor

Depending on context, Streak.dev acts as:

• Data Controller – for account-related data.
• Data Processor – for end-user widget interactions on behalf of our customers.

2. Lawful Bases

We rely on contractual necessity to provide the Service and legitimate interestsfor analytics that improve product performance.

3. Sub-Processors

Our primary infrastructure providers:

• Supabase – managed PostgreSQL & storage (EU & US).
• Fly.io – API hosting (global).
• Vercel – website & dashboard hosting (EU & US).
• Upstash – Redis caching (EU).

We maintain signed Data Processing Agreements (DPAs) with each sub-processor.

4. Data Subject Rights

Data subjects can request access, rectification, deletion, or export of their data by emailingdpo@streak.dev. We respond within 30 days.

5. Security Measures

• Encryption in transit (TLS 1.3) & at rest.
• Role-based access controls & audit logging.
• Regular penetration testing & vulnerability scans.

6. Data Retention & Deletion

Widget event data is retained for 90 days by default. Customers can request shorter or longer retention during beta.

7. Contact

For GDPR inquiries, email our Data Protection Officer atdpo@streak.dev.