Is Private.Ki EU-GDPR compliant?
Yes. Private.Ki is GDPR compliant. Although our service is not based in the European Union, we have designed our service and our policies with the GDPR’s strict privacy and data protection requirements in mind.
The General Data Protection Regulation (GDPR) is an EU law that mandates how organizations must handle personal data, and Private.Ki was built around core principles like data minimization, user consent, and privacy by design – all of which align with GDPR.
Here are a few key points on how Private.Ki meets GDPR obligations:
Privacy by Design: From day one, we engineered Private.Ki such that we hold as little personal data about users as possible. You can sign up for Private.Ki with minimal information (we don’t ask for a phone number or even your real name, for example). Any identifying details (like an alternate email for recovery, if you choose to provide one) are stored securely and encrypted. By minimizing data collection, we reduce GDPR exposure. This approach mirrors Proton Mail’s stance, which complied with GDPR from the start as a privacy-focused service.
Encryption as a Protective Measure: GDPR encourages the use of technical measures like encryption to safeguard personal data. Private.Ki uses end-to-end and zero-access encryption for all user content, meaning personal data (such as the contents of your emails, messages, attachments, contacts) is protected to a very high standard. Even in the unlikely event of a data breach, the data would be unintelligible to unauthorized parties thanks to encryption. This satisfies GDPR’s requirements for data security and helps protect the privacy of personal data we process.
Consent and Communication: We only use your data for the purposes you signed up for (providing the encrypted email/chat service). We don’t profile you or serve ads based on your data. If we ever need to process data for other purposes, we will ask for your consent. For example, if you subscribe to a newsletter or update, that’s separate from core service emails. You have control over such preferences. We also handle breach notifications – in the unlikely event of a data breach involving personal data, we would inform affected users immediately.
No Selling of Data: Private.Ki does not monetize your personal data. GDPR emphasizes fairness and lawfulness in processing – our business model is likely subscription-based (similar to Proton), so we have no incentive or legal basis to exploit user data. We view our users, not advertisers, as our customers. This is fundamentally aligned with GDPR’s spirit.
In summary, using Private.Ki means your personal data is handled in a GDPR-compliant manner, even though our service is not based in the EU.
Our strong encryption and minimal data retention are key components of that compliance, as they protect your data by default. We believe that our commitments – such as not keeping identifying logs and encouraging anonymous use – put us well ahead of the curve in meeting privacy regulations. European users (and those anywhere with similar laws) can feel confident that Private.Ki respects and upholds the GDPR principles of data protection.