Gangly
Start free trial
GDPR · Data Protection

Your data rights, in plain English.

If you're in the EU, UK, or Switzerland, the GDPR gives you specific rights over the personal data any company holds about you. This page explains each right, how to use it with Gangly, and how long we take to respond.

The short version.

TL;DR · Plain English

  • ✓ You have 8 rights under the GDPR. This page explains each one.
  • ✓ We respond to data rights requests within 30 days — usually much faster.
  • ✓ DPA available for all customers, with SCCs attached for EU→US transfers.
  • ✓ EU data residency available on Growth and Scale plans.

Who this applies to

Section 01

The GDPR protects individuals in the EU, UK, and Switzerland. If you're a customer, team member, or someone whose data we process via our customers, these rights apply to you regardless of where Gangly is operated from.

Section 02

You have the right to:

Section 03

Email privacy@getgangly.com with:

We may ask for proof of identity before acting on a request. That's to protect you — we don't want to hand your data to someone pretending to be you.

Response time

We respond within 30 days. Most requests are closed within 3 business days.

Section 04

If you're a customer processing personal data on behalf of others, GDPR requires a DPA between us. We have a standard DPA with Standard Contractual Clauses attached for EU→US transfers. Email privacy@getgangly.com and we'll send it within one business day.

Section 05

Gangly relies on a short list of subprocessors to deliver the service — cloud infrastructure, transcription, payments, error monitoring. Each is bound by contract to GDPR-compatible data protection standards. A current subprocessor list is available on request, and we notify customers before adding any new subprocessor that touches customer data.

Section 06

Our primary infrastructure is in the United States. For EU and UK customers, we rely on Standard Contractual Clauses (EU) and the UK International Data Transfer Addendum as the legal basis for cross-border transfers. EU data residency is available on Growth and Scale plans.

Section 07

If you're unhappy with how we handle a request, you can lodge a complaint with your local supervisory authority. In the UK that's the ICO. In the EU it's the data protection authority in your country of residence.

  • Be informed — know what data we hold and why.
  • Access — request a copy of your personal data.
  • Rectification — correct anything inaccurate.
  • Erasure — ask us to delete your personal data.
  • Restrict processing — limit what we do with your data.
  • Portability — receive your data in a machine-readable format.
  • Object — object to specific processing activities.
  • Withdraw consent — opt out of processing that relies on consent.
  • Which right you're exercising
  • The email address associated with your Gangly account
  • Any additional context that helps us locate your data

Your rights

Section 02

You have the right to:

  • Be informed — know what data we hold and why.
  • Access — request a copy of your personal data.
  • Rectification — correct anything inaccurate.
  • Erasure — ask us to delete your personal data.
  • Restrict processing — limit what we do with your data.
  • Portability — receive your data in a machine-readable format.
  • Object — object to specific processing activities.
  • Withdraw consent — opt out of processing that relies on consent.

How to exercise your rights

Section 03

Email privacy@getgangly.com with:

We may ask for proof of identity before acting on a request. That's to protect you — we don't want to hand your data to someone pretending to be you.

Response time

We respond within 30 days. Most requests are closed within 3 business days.

  • Which right you're exercising
  • The email address associated with your Gangly account
  • Any additional context that helps us locate your data

Data Processing Agreement

Section 04

If you're a customer processing personal data on behalf of others, GDPR requires a DPA between us. We have a standard DPA with Standard Contractual Clauses attached for EU→US transfers. Email privacy@getgangly.com and we'll send it within one business day.

Subprocessors

Section 05

Gangly relies on a short list of subprocessors to deliver the service — cloud infrastructure, transcription, payments, error monitoring. Each is bound by contract to GDPR-compatible data protection standards. A current subprocessor list is available on request, and we notify customers before adding any new subprocessor that touches customer data.

International transfers

Section 06

Our primary infrastructure is in the United States. For EU and UK customers, we rely on Standard Contractual Clauses (EU) and the UK International Data Transfer Addendum as the legal basis for cross-border transfers. EU data residency is available on Growth and Scale plans.

Complaints

Section 07

If you're unhappy with how we handle a request, you can lodge a complaint with your local supervisory authority. In the UK that's the ICO. In the EU it's the data protection authority in your country of residence.

GDPR requests, DPAs, and EU data residency.

Questions or requests

Start free trial Book a demo