GDPR Compliance

1. Introduction

Sidekick Intelligence LLC ("Chikoh", "we", "us", or "our") is committed to protecting the privacy and personal data of individuals in the European Economic Area (EEA) and United Kingdom. This page outlines how we comply with the General Data Protection Regulation (GDPR).

This document supplements our Privacy Policy and provides additional information specifically for EU data subjects.

2. Data Controller Information

3. Legal Basis for Processing

We process personal data under the following legal bases:

Contract Performance

We process data necessary to fulfill our contract with you, including:

• Account creation and management
• Providing our services and features
• Processing payments and subscriptions
• Customer support and communications

Legitimate Interests

We process data based on our legitimate interests, including:

• Improving and developing our services
• Ensuring platform security and preventing fraud
• Analyzing usage patterns and trends
• Sending service updates and notifications

Consent

We process data based on your consent for:

• Marketing communications
• Non-essential cookies and tracking
• Sharing data with third parties (where applicable)

Legal Obligations

We process data to comply with legal requirements, such as:

• Tax and accounting obligations
• Responding to legal requests
• Maintaining records as required by law

4. Your Rights Under GDPR

As an EU data subject, you have the following rights:

Right to Access

You can request a copy of your personal data we hold, including information about how we process it.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

• The data is no longer necessary for the original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• Erasure is required by law

Right to Restrict Processing

You can request restriction of processing when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification of legitimate grounds

Right to Data Portability

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

5. Exercising Your Rights

To exercise any of your rights, please contact us at support@chikoh.com. We will:

• Verify your identity to protect your data
• Respond within one month of receiving your request
• Provide information free of charge (except for repetitive or excessive requests)
• Explain any reasons if we cannot fulfill your request

6. International Data Transfers

Your data may be transferred outside the EEA. We ensure appropriate safeguards through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where required

Our primary data centers are located in the United States. We work with service providers that maintain appropriate data protection standards.

7. Data Retention

We retain personal data based on:

• Active accounts: Data retained while account is active
• Closed accounts: Essential data retained for 7 years for legal compliance
• Marketing data: Retained until consent withdrawn plus statutory period
• Technical logs: Generally retained for 12 months
• Cookie data: See our Cookie Policy for specific retention periods

8. Data Protection Measures

We implement appropriate technical and organizational measures:

Technical Measures

• Encryption in transit (TLS/SSL) and at rest
• Regular security testing and vulnerability assessments
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures
• Monitoring and logging of data access

Organizational Measures

• Data protection training for employees
• Confidentiality agreements with staff and contractors
• Limited access on a need-to-know basis
• Regular reviews of data protection practices
• Data Protection Impact Assessments (DPIAs) where required

9. Third-Party Processors

We work with carefully selected third-party processors who assist in providing our services. All processors are bound by data processing agreements that ensure GDPR compliance.

Key categories of processors include:

• Cloud infrastructure providers (AWS, Google Cloud)
• Payment processors (Stripe, PayPal)
• Email service providers
• Analytics providers (with appropriate safeguards)
• Customer support tools

10. Data Breach Procedures

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours (if required)
• Notify affected individuals without undue delay (if high risk)
• Document all breaches and actions taken
• Take immediate steps to mitigate harm
• Review and improve security measures

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

For a list of supervisory authorities, visit:European Data Protection Board Members

12. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Significant changes will be communicated through our services or via email.

13. Contact Us

For any GDPR-related inquiries or to exercise your rights: