Data Privacy & GDPR Compliance
How we protect your data and respect your privacy rights
Our Commitment to Privacy
At LeyA, we are committed to protecting your personal data and respecting your privacy rights under GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable privacy laws.
Data Controller Information
Legal Basis for Processing
We process your personal data based on:
- Contract Performance - To provide the social media management services you subscribed to
- Legitimate Interest - To improve our services and prevent fraud
- Consent - For marketing communications (you can opt out at any time)
- Legal Obligation - To comply with tax, accounting, and legal requirements
Your Privacy Rights
Under GDPR and other privacy laws, you have the right to:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Data Portability
Receive your data in a machine-readable format
Right to Object
Object to processing of your data for certain purposes
Right to Restrict Processing
Limit how we use your personal data
Data We Collect
We collect and process the following categories of data:
- Identity Data: Name, business name, WhatsApp number
- Contact Data: Email address, phone number
- Account Data: Username, password (encrypted)
- Financial Data: Payment information (processed by Stripe)
- Technical Data: IP address, browser type, device information
- Usage Data: How you use our service, features accessed
- Content Data: Posts, captions, media you create
- Social Media Data: Connected account information, page access tokens
How We Protect Your Data
- Industry-standard encryption (TLS 1.3 for data in transit, AES-256 for data at rest)
- Regular security audits and penetration testing
- Access controls and authentication requirements
- Employee data protection training
- Secure data centers with physical security measures
- Regular backups with encryption
- Incident response procedures
Data Retention
We retain your data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (tax records: 7 years)
- Resolve disputes and enforce agreements
When you delete your account, we permanently erase your data within 30 days, except where legal retention requirements apply.
International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for certain countries
- Appropriate safeguards as required by applicable law
Cookies and Tracking
We use minimal cookies for:
- Essential functionality (authentication, security)
- Analytics (anonymized usage data)
You can disable cookies in your browser settings, though this may affect service functionality.
How to Exercise Your Rights
To exercise any of your privacy rights, contact us via:
We will respond to your request within 30 days as required by law.
Complaints
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority.