Rheaply GDPR
Use sidebar to navigate.
General Data Protection Regulation – Last Updated June 16th, 2026
As a global application service provider, in accordance with our information security and data privacy practices as Data Controller, Rheaply complies with all applicable data privacy regulations. We are providing the following information in order for users and customers to understand our compliance posture.
Questions and comments can be sent to ciso@rheaply.com, or you can read our privacy statement for more information.
| Control | Description |
| Individual Responsible for GDPR Compliance | Josh Mitchell, VP of Engineering |
| Purpose of Processing | Functionality of the Rheaply platform is dependent upon use of some PII. More information on what PII Rheaply collects and how it’s used can be found here. |
| Lawful Basis for Collection & Processing | GDPR Article 6(1)(a) – consent |
| Data Subject Access Requests | Requests for data access, modification or deletion may be sent to ciso@rheaply.com |
| Data Protection and Information Security | Rheaply maintains a comprehensive system to monitor and protect the confidentiality and accessibility of our data, which is audited annually by a third part assessor. Our current SOC 2 Type II report is available on request and our trust report can be found here. |
| Breach Notification | Any breach of sensitive data will be quickly reported to affected parties according to our Incident Response Policy and applicable regulations. |
