Legal
GDPR Compliance
Last updated: February 1, 2026
Our Commitment
PRPPC OU, the company behind Webmachine, is registered and operates from Estonia within the European Union. We are fully committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and take your data protection rights seriously. This page outlines how we uphold your rights and the measures we take to protect your personal data.
Your Data Rights
Right of Access
You can request a complete copy of all personal data we hold about you, including account details, transaction history, tracking data, and session logs.
Right to Rectification
If any of your personal data is inaccurate or incomplete, you can update it directly in your dashboard settings or request that we correct it.
Right to Erasure
You can request deletion of your personal data. Note that some data must be retained for legal and financial compliance (e.g., financial records for 7 years).
Right to Data Portability
You can request your data in a structured, machine-readable format (JSON or CSV) to transfer to another service provider.
Right to Restrict Processing
You can request that we limit the processing of your data in certain circumstances, such as while a dispute about data accuracy is being resolved.
Right to Object
You can object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
How to Exercise Your Rights
To make a data subject request, follow these steps:
- Submit a request by emailing [email protected] with the subject line "GDPR Data Request" and specify which right you wish to exercise.
- Identity verification - We will verify your identity by confirming your account email address and may ask for additional verification to protect your data.
- Processing - We will respond to your request within 30 days. Complex requests may be extended by an additional 60 days with notification.
- Delivery - Data exports will be provided in JSON or CSV format via a secure download link.
Data Protection Measures
Webmachine implements the following technical and organizational measures to protect your data:
- Encryption: All data in transit is encrypted via TLS/SSL. Sensitive data at rest is encrypted using industry-standard algorithms.
- Authentication: Passwords are hashed with bcrypt (12 rounds). Two-factor authentication (TOTP) is available for all users.
- Session Security: Single active session enforcement, real-time force-logout via SSE, and configurable session timeouts (default: 30 minutes).
- Access Control: Role-based access control (RBAC) ensures users only access data relevant to their role. Admin actions are logged in an audit trail.
- Rate Limiting: API rate limiting (100 requests per window) and login attempt limits (5 attempts max) protect against brute-force attacks.
- Fraud Detection: Automated monitoring for suspicious patterns with defined thresholds for click velocity, conversion rates, and geographic anomalies.
Data Retention Schedule
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Data | Active + 2 years | Contract |
| Tracking Events | 24 months | Legitimate Interest |
| Financial Records | 7 years | Legal Obligation |
| Fraud Alerts | 5 years | Legitimate Interest |
| Session Logs | 90 days | Security |
| Admin Action Logs | 5 years | Legal Obligation |
Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf. These agreements ensure that subprocessors adhere to the same data protection standards required by the GDPR.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate within 72 hours. If the breach is likely to result in a high risk, we will also notify affected users directly via email.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate:
Andmekaitse Inspektsioon
Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: [email protected]
Contact Our Data Protection Team
PRPPC OU - Data Protection
Harju maakond, Tallinn, Kesklinna linnaosa
Pärnu mnt 105, 11312, Estonia
Email: [email protected]
See also: Terms of Service | Privacy Policy | Cookie Policy