GDPR Compliance

AIVizPilot is fully committed to compliance with the General Data Protection Regulation (GDPR). Here's how we protect your data and uphold your rights.

Our Commitment

Smarty Solution Mega Ltd (Company No. 16925741), trading as AIVizPilot, is a UK-registered company. As a data analytics platform, we understand the critical importance of data protection. We have designed our systems, processes, and policies from the ground up to comply with UK GDPR and EU GDPR requirements. We act as both a data controller (for account and billing data) and a data processor (for the data you connect to AIVizPilot).

Legal Basis for Processing

We process personal data under the following legal bases:

Contract Performance

Processing necessary to provide the Service you signed up for

Legitimate Interest

Improving our Service, preventing fraud, and ensuring security

Consent

Marketing communications and optional analytics (you can withdraw anytime)

Legal Obligation

Tax reporting, fraud prevention, and responding to legal requests

Your Rights

Data subject rights under GDPR

Right to Access

Request a copy of all personal data we hold about you. We will provide this within 30 days in a machine-readable format.

Right to Portability

Export your data in standard formats (JSON, CSV). Available anytime from your dashboard settings or via our API.

Right to Erasure

Request deletion of your personal data. We will comply within 30 days, except where retention is legally required.

Right to Rectification

Correct any inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Restrict Processing

Request that we limit how we process your data while a complaint or correction request is being resolved.

Right to Object

Object to processing of your data for certain purposes, including direct marketing. We will stop unless we have compelling grounds.

Data Protection Measures

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Auditing: Complete audit logs for all data access and modifications
  • Certifications: SOC 2 Type II certified infrastructure
  • DPA: Data Processing Agreements available for all customers
  • Breach Notification: We will notify affected users and authorities within 72 hours

International Data Transfers

Our primary data centers are located in the UK (London) and EU (Frankfurt), with additional capacity in the US (Virginia). For transfers outside the UK and EEA, we rely on the UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses (SCCs). Enterprise customers can opt for UK-only or EU-only data residency.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance program. You can contact our DPO for any data protection related inquiries.

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Use the self-service options in your account settings (export, delete, update)
  • Email our DPO at dpo@aivizpilot.com
  • Submit a request through our contact form

We will respond to all requests within 30 days. If we need more time, we will inform you within the initial 30-day period with an explanation.

Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. UK residents can contact the Information Commissioner's Office (ICO) at ico.org.uk; EU residents can find their local supervisory authority at edpb.europa.eu.