GDPR compliance at ClipSurface
We design our platform and practices to respect privacy and support customer compliance across the EU/EEA and beyond.
Roles and responsibilities
ClipSurface acts as a data processor for customer-controlled Personal Data processed through the Services, and as a data controller for limited account and website data.
Legal bases
We process Personal Data under contract necessity, legitimate interests, consent (where applicable), and legal obligations.
Subprocessors
We use vetted providers for hosting, analytics, email, and support. A current list is available on request and includes data location and purpose.
International transfers
Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses and conduct transfer impact assessments.
Data Processing Addendum
A DPA reflecting GDPR Article 28 requirements is available for signature with security, confidentiality, and breach notification commitments.
Security measures
- Encryption in transit and at rest
- Access controls with least-privilege and MFA
- Audit logging and change management
- Vulnerability management and third-party assessments
Contact our privacy team
For data subject requests or GDPR questions, email us. We will respond as soon as possible, generally within 30 days.
Email (DPO): [email protected]
Address: Level 12, 477 Collins Street, Melbourne VIC 3000, Australia
Supervisory authority: You have the right to lodge a complaint with your local data protection authority.