GDPR Compliance

Our commitment to protecting your data

Last updated: April 14, 2026

At UpConfirm, personal data protection is a priority. We comply with the European Union's General Data Protection Regulation (GDPR) and are committed to transparency about how we process your data.

Your Rights Under GDPR

As a user, you have six fundamental rights: • Right of access — You can request a complete copy of your personal data at any time. • Right to rectification — You can request correction of any inaccurate or incomplete information. • Right to erasure — You can request the deletion of your personal data ("right to be forgotten"). • Right to portability — You can receive your data in a structured, machine-readable format. • Right to restriction — You can request the restriction of processing of your data. • Right to object — You can object to the processing of your data, particularly for marketing purposes. To exercise any of these rights, send an email to contact@upconfirm.com. We process all requests within 30 days. Complex requests may take up to 90 days.

How We Protect Your Data

We implement robust technical and organizational measures: • AES-256 encryption for data at rest • TLS 1.2+ encryption for data in transit • Role-based access controls (RBAC) • Continuous security monitoring • Automated backups with geographic redundancy • Regular security audits

Processing Activities

We process your data for the following purposes: • Order confirmation — Sending and managing WhatsApp confirmation messages to your customers • Analytics — Calculating performance statistics (confirmation rate, delivery rate) • Customer support — Processing your help requests and resolving issues • Billing — Managing your subscription and payments

International Transfers

Your data is hosted in the European Union through our partner Supabase. When data transfers outside the EU are necessary (for example, for Meta's WhatsApp API), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions to ensure an equivalent level of protection.

Data Retention

We apply strict retention periods: • Account data: retained while your account is active + 30 days after deletion • Order data: 24 months • WhatsApp conversations: 12 months • Analytics data: 26 months • Billing data: 7 years (legal requirement)

Technical and Organizational Measures

Our security infrastructure includes: • Hosting on certified EU servers (Supabase) • End-to-end encryption of sensitive data • Strict access control policies • Regular data protection training for our team • Data breach notification procedures (72 hours) • Data Protection Impact Assessments (DPIA) for high-risk processing

Contact Our DPO

For any questions about the protection of your data or to exercise your rights: Email: contact@upconfirm.com Phone: +212 663 679 647 UPCONFIRM LLC — 5830 E 2nd St, Ste 7000 #30802, Casper, Wyoming 82609, United States Office: Lotissement Firdaous GH1, Floor 2, Apt 14, Casablanca, Morocco We commit to responding to all requests within 30 days.