
GDPR Compliance

Our commitment to GDPR compliance and data subject rights

Last updated: January 2025

Buglify.ai is fully compliant with the General Data Protection Regulation (GDPR). We are committed to protecting the privacy and rights of EU citizens.

Legal Basis for Processing

  • Contract performance: To provide our penetration testing services
  • Legitimate interests: To improve our services and prevent fraud
  • Consent: For marketing communications (opt-in)
  • Legal obligation: For tax and accounting records

Data Subject Rights

Under GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

To exercise these rights, email gdpr@buglify.ai. We will respond within 30 days.

Data Transfers

We primarily process EU data within the EU (Germany). Any transfers to third countries use Standard Contractual Clauses (SCCs) approved by the European Commission.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

We will respond to your request within 30 days. In complex cases, we may extend this period by two additional months, and we will inform you of the extension and the reasons for it.

Identity Verification

To protect your privacy, we may need to verify your identity before processing rights requests. We may request:

  • Account credentials or a verification code sent to your registered email
  • Additional identifying information if your identity cannot be confirmed

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that pose high risks to individuals' rights and freedoms. Our security scanning services have been assessed and appropriate safeguards implemented.

Records of Processing Activities

We maintain detailed records of our processing activities as required by Article 30 GDPR, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Recipients of personal data
  • International transfers and safeguards
  • Retention periods
  • Security measures

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. The relevant supervisory authority for Bulgaria is:

Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd.
Sofia 1592, Bulgaria
Website: https://www.cpdp.bg

You may also contact the supervisory authority in your EU member state.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the supervisory authority within 72 hours of becoming aware
  • We will notify affected individuals without undue delay if the breach poses a high risk
  • Notifications will include the nature of the breach, likely consequences, and measures taken

Contact Information

PXL Security LTD
blvd Vasil Levski 12
Sofia, Bulgaria
Email: gdpr@buglify.ai
Data Protection Officer: dpo@buglify.ai