# GDPR Compliance We recognize the impact that compliance with the GDPR has on our customers due to their usage of our Services. To address this, we've initiated several GDPR-related measures across our services: * **Enhanced security investments:** Our commitment to security has grown, featuring the implementation of tools for detecting vulnerabilities in dependencies, upgraded auditing and logging for all services, the introduction of new internal security policies, comprehensive staff security training, enhanced management of passwords and secrets, mandatory two-factor authentication, and the adoption of more robust password guidelines. * **Staff training:** We prioritise the education of our team on the proper management of customer data and personal information. * **Revised terms:** We've refined the structure and wording of all our terms and policies to more transparently convey the types of information we collect, its uses, our sharing practices, your rights, and additional details. * **Data subprocessors:** We openly list all [third-party data subprocessors](/legals/subprocessors.md), detailing their roles and locations. * **Data portability:** We've upgraded our data export capabilities, enabling customers to easily export their data and personal information whenever needed. ## Our security We're grateful for the trust placed in us to handle valuable data. That's why our architecture is designed with security at its core, adopting a 'privacy by design' strategy throughout the creation and enhancement of our Services. Our application operates on world-class, contemporary cloud infrastructure, crafted to protect your data securely. We've selectively partnered with reputable third-party cloud providers known for their strong security measures. Additionally, we implement industry-leading practices, such as consistent backups, data encryption, clean logging, and protection against prevalent cyber threats. Read more about our [security practices](/legals/trust-and-security.md). ## Data portability and right to be forgotten We help you honour your customers’ requests to export their data. Tability provides data portability and data management tools for exporting product and user data. We also help customers meet obligations under the GDPR's "right to be forgotten" (or "right to erasure") clause by making it easy to request the deletion of personal data from Tability. ## Privacy and consent Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. In our [Privacy Policy](/legals/privacy-policy.md), we share what information we collect, how we use and store that data, and how you can access and control your information. ## Contact us If you have any questions, please email us at --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://guides.tability.io/legals/gdpr-compliance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.