Data Protection Policy

Last updated: March 8, 2025

1. Introduction

Doubl is committed to protecting the personal data of its users, employees, and partners. This Data Protection Policy outlines our compliance with:

  • The General Data Protection Regulation (GDPR) (EU Regulation 2016/679)

  • The French Data Protection Act (Loi Informatique et Libertés) and CNIL guidelines

  • The Swiss Federal Act on Data Protection (FADP), effective September 2023

  • The California Consumer Privacy Act (CCPA) (Cal. Civ. Code § 1798.100 et seq.)

  • Other applicable international data protection laws

This policy establishes the principles, responsibilities, and processes Doubl follows to safeguard personal data.

2. Scope

This policy applies to:

  • All personal data processed by Doubl, including data from users, employees, contractors, and business partners.

  • All data processing activities, including collection, storage, transfer, and deletion of personal data.

  • Any third-party providers handling data on behalf of Doubl.

3. Principles of Data Processing

In accordance with Article 5 GDPR, Doubl follows these core data protection principles:

  • Lawfulness, Fairness, and Transparency – Data is processed in a lawful and transparent manner.

  • Purpose Limitation – Data is only processed for specified, explicit, and legitimate purposes.

  • Data Minimization – Only data necessary for the stated purpose is collected.

  • Accuracy – Data is kept accurate and up to date.

  • Storage Limitation – Data is retained only as long as necessary.

  • Integrity & Confidentiality – Data is processed securely to prevent unauthorized access.

  • Accountability – Doubl is responsible for ensuring compliance with these principles.

4. Legal Basis for Processing

As per Article 6 GDPR, Doubl processes personal data on the following legal bases:

  • Consent (Article 6(1)(a)) – Users provide consent for processing (e.g., accepting cookies, marketing preferences).

  • Contractual Necessity (Article 6(1)(b)) – Data is required for fulfilling a service contract.

  • Legal Obligations (Article 6(1)(c)) – Compliance with applicable laws.

  • Legitimate Interests (Article 6(1)(f)) – Processing necessary for fraud prevention, security, and service improvements.

For California users, Doubl ensures compliance with CCPA § 1798.100 regarding the collection, use, and sharing of personal data.

5. Data Retention & Storage

  • Personal data is stored securely on Supabase and AWS servers located in the EU.

  • Data is encrypted at rest and in transit to prevent unauthorized access (GDPR Article 32 – Security of Processing).

  • Retention Policy: Personal data is retained only as long as necessary for the stated purpose. After account deletion, personal data is permanently erased within 30 days, unless required otherwise by law (GDPR Article 17 – Right to Erasure).

6. User Rights & Requests

In compliance with GDPR Articles 12-22, CNIL, FADP, and CCPA, users have the right to:

  • Access their personal data (GDPR Article 15, CCPA § 1798.110).

  • Rectify incorrect or incomplete data (GDPR Article 16).

  • Request erasure of personal data (GDPR Article 17, CCPA § 1798.105).

  • Restrict or object to processing (GDPR Articles 18 & 21).

  • Request data portability (GDPR Article 20).

  • Opt out of data sharing (CCPA § 1798.120).

Users can exercise these rights by contacting legal@getdoubl.com. Requests will be processed within 30 days as per GDPR regulations.

7. Data Security Measures

To ensure the confidentiality, integrity, and availability of personal data, Doubl has implemented the following security measures:

  • Encryption of data at rest and in transit (GDPR Article 32).

  • Access control policies to limit data access to authorized personnel only.

  • Regular security audits and vulnerability testing.

  • Incident response plan to detect and mitigate security threats.

8. Data Breach Notification

Under GDPR Articles 33-34, in the event of a personal data breach:

  • Doubl will notify the relevant data protection authority within 72 hours.

  • If the breach is likely to result in a high risk to users, affected individuals will be informed promptly.

  • Security measures will be reviewed to prevent future breaches.

9. Third-Party Data Processors

Doubl ensures that all third-party service providers handling personal data adhere to strict data protection standards:

  • Supabase (Authentication, database management).

  • AWS (Cloud storage, infrastructure security).

  • Google Analytics & Sentry (Usage tracking, diagnostics).

All third-party providers are contractually obligated to comply with GDPR, CNIL, FADP, and CCPA regulations.

10. International Data Transfers

  • EU & Swiss Users: Data is stored within the EU, ensuring compliance with GDPR and FADP.

  • California Users: Data transfers comply with CCPA requirements.

  • Any transfer of personal data outside the EU follows GDPR Chapter V safeguards, including Standard Contractual Clauses (SCCs).

11. Employee & Internal Data Protection Compliance

  • All employees handling personal data undergo mandatory data protection training.

  • Internal policies restrict access to user data to only those employees who require it.

  • Misuse of personal data by employees is strictly prohibited and may result in disciplinary action.

12. Data Protection Officer (DPO) & Contact

For any inquiries or concerns regarding data protection, users may contact our Data Protection Officer (DPO):

Vincent Adler
Email: legal@getdoubl.com
Address: Donnerbrink 3, 33619 Bielefeld, Germany

13. Policy Updates

Doubl reserves the right to update this Data Protection Policy as necessary. Users will be informed of any significant changes.

© 2025 Doubl. All rights reserved.

All content, trademarks, logos, and intellectual property displayed on this website and the Doubl mobile application are the exclusive property of Doubl, unless otherwise stated. Any unauthorized use, reproduction, modification, distribution, or display of our content without explicit written permission is strictly prohibited.

If you believe that any content on this website or our mobile application infringes your copyright, you may submit a notification under the Digital Millennium Copyright Act (DMCA) by contacting us at legal@getdoubl.com.

This copyright notice applies globally, in accordance with applicable copyright laws of Germany, the European Union, the United States, France, and Switzerland. Any disputes arising from copyright claims shall be governed by the applicable jurisdiction in which Doubl operates.