Legal
GDPR Policy
Last updated: March 10, 2026
This page describes how SaaSSkul complies with the General Data Protection Regulation (EU) 2016/679 and supplements our Privacy Policy.
1. Data Controller and Processor
SaaSSkul acts as the Data Controller for personal data collected directly through our website and platform (account data, contact form submissions).
For data our customers import and process through the platform (e.g., leads), SaaSSkul acts as a Data Processor on behalf of our customers, who are the Controllers.
2. Lawful Basis for Processing
- Contract (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to.
- Consent (Art. 6(1)(a)): Marketing emails and non-essential cookies — you may withdraw at any time.
- Legitimate Interests (Art. 6(1)(f)): Fraud prevention, security monitoring, and Service improvement.
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulatory requirements.
3. Your Rights Under GDPR
| Right | What it means |
|---|---|
| Right of Access (Art. 15) | Request a copy of all personal data we hold about you. |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete data. |
| Right to Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten"). |
| Right to Restriction (Art. 18) | Request we limit processing in certain circumstances. |
| Right to Portability (Art. 20) | Receive your data in a structured, machine-readable format. |
| Right to Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing. |
| Rights re: Automated Decisions (Art. 22) | Not be subject to solely automated decisions with significant effects. |
To exercise any right, email privacy@saasskul.com. We will respond within 30 days and may verify your identity first. Requests are free of charge.
4. International Data Transfers
Some of our service providers (Supabase, Anthropic) may process data outside the EEA. Where this occurs, we ensure appropriate safeguards via Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions.
5. Data Retention
We retain personal data only as long as necessary for the purposes described, or as required by law. Account data is deleted within 30 days of account closure. Anonymised analytics data may be retained indefinitely.
6. Data Breach Notification
We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that poses risk to data subjects. Where the risk is high, we will notify affected individuals without undue delay.
7. Data Protection Contact
For all GDPR-related inquiries, including exercising your rights or raising a concern, contact our Data Protection team below.
SaaSSkul — Data Protection
Email: privacy@saasskul.com
Phone / WhatsApp: +92 (332) 213 7898
Address: Cantt Bazar Faisal, Karachi, Pakistan
Contact form: saasskul.com/contact
8. Right to Lodge a Complaint
If you believe we are processing your data in violation of GDPR, you have the right to lodge a complaint with your local supervisory authority. Find your authority at edpb.europa.eu.