GDPR Compliance
EU data protection and privacy rights
TuskCPA is fully compliant with the EU General Data Protection Regulation (GDPR), ensuring that personal data of EU residents is processed lawfully, transparently, and securely.
GDPR Compliance Overview
Data Subject Rights
Users can access, rectify, erase, restrict processing, port data, and object to automated decision-making.
Lawful Basis
Processing based on consent, contract necessity, legal obligation, or legitimate interests with transparency.
Data Protection
Technical and organizational measures including encryption, pseudonymization, and access controls.
International Transfers
Standard Contractual Clauses (SCCs) for data transfers outside the EU. Data Processing Agreement available.
Your Rights Under GDPR
Right to Access (Article 15)
Request a copy of all personal data we hold about you. Export your data anytime from Settings → Privacy → Download My Data.
Right to Rectification (Article 16)
Correct inaccurate personal data. Update your information anytime in account settings or contact us for assistance.
Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your personal data. Email tuskcpa@gmail.com with subject "GDPR Erasure Request". We will delete it within 30 days (except data required for legal obligations).
Right to Restriction of Processing (Article 18)
Request that we stop processing your data while you contest its accuracy or object to processing. Data will be stored but not used.
Right to Data Portability (Article 20)
Receive your data in machine-readable format (JSON, CSV) to transfer to another service. Available in Settings → Privacy.
Right to Object (Article 21)
Object to processing for direct marketing, profiling, or legitimate interests. Opt-out options available in all marketing emails.
Rights Related to Automated Decision-Making (Article 22)
You are not subject to solely automated decisions with legal effect. All AI-generated content is reviewed by humans before use.
Data Processing Principles
- Lawfulness, Fairness, Transparency: We process data legally with clear privacy policies
- Purpose Limitation: Data collected only for specific, explicit, legitimate purposes
- Data Minimization: Only collect data necessary for the service
- Accuracy: Keep personal data accurate and up to date
- Storage Limitation: Retain data only as long as necessary
- Integrity & Confidentiality: Protect data with encryption and access controls
- Accountability: Demonstrate compliance through documentation and audits
Data Processing Agreement (DPA)
For accounting firms processing EU client data, we act as a Data Processor and you are the Data Controller. Our DPA includes:
- Standard Contractual Clauses (SCCs) approved by EU Commission
- Details of processing activities and data types
- Security measures and sub-processor list
- Data breach notification procedures
- Data subject rights assistance
- Audit rights and compliance certification
International Data Transfers
TuskCPA is headquartered in the United States. When EU data is transferred to the US, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection.
Safeguards for International Transfers
- Standard Contractual Clauses (SCCs) - EU-approved transfer mechanism
- Supplementary measures including encryption and access controls
- Regular review of data protection laws in recipient countries
- Option to store data in EU region (Enterprise plan)
Data Breach Notification
In the event of a data breach affecting EU personal data:
- Notification to supervisory authority within 72 hours (if required)
- Notification to affected individuals without undue delay (if high risk)
- Detailed breach documentation maintained
- Post-breach analysis and remediation measures
Cookie Policy & Consent
We set non-essential cookies only with your explicit consent. Essential cookies for site functionality do not require consent.
Cookie Categories
- Strictly Necessary: Required for authentication and security (no consent needed)
- Functional: Remember preferences and settings (consent required)
- Analytics: Understand usage patterns (consent required)
- Marketing: We do not use marketing cookies
Children's Privacy
TuskCPA is not intended for children under 16. We do not knowingly collect personal data from children. If we discover such data, it will be deleted immediately.
Data Protection Officer
For GDPR-related questions or to exercise your rights, contact our Data Protection Officer:
Email: tuskcpa@gmail.com
Subject Line: "GDPR Request - [Your Request Type]"
We will respond to all requests within 30 days as required by GDPR.
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe your GDPR rights have been violated.