AtoC.ai

GDPR Policy

Draft — Last updated: June 10, 2026

1. Scope

This GDPR Policy applies to all individuals located in the European Economic Area (EEA) who use AtoC.ai. It supplements our Privacy Policy and sets out your rights under the General Data Protection Regulation (EU 2016/679).

2. Data Controller

Maksim Golitsyn
Türkiye

3. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Contractual necessity (Art. 6(1)(b) GDPR) — to provide the language learning service.
  • Consent (Art. 6(1)(a) GDPR) — for optional features such as newsletters and analytics.
  • Legitimate interests (Art. 6(1)(f) GDPR) — for fraud prevention, security, and service improvement, balanced against your rights.
  • Legal obligation (Art. 6(1)(c) GDPR) — where required by applicable law.

4. Your Data Subject Rights

Under GDPR, you have the following rights:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing — Request that we limit processing under certain circumstances.
  • Right to data portability — Receive your data in a structured, commonly used, machine-readable format.
  • Right to object — Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent — Withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please use the in-app support channel. We will respond within 30 days.

5. Data Transfers Outside the EEA

When personal data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or by ensuring the destination country has an adequacy decision from the European Commission.

6. Data Protection Officer

We are not currently required to appoint a Data Protection Officer under GDPR Article 37. If this changes, we will update this policy accordingly.

7. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority or with the data protection authority in the jurisdiction of the data controller.