Our commitment
BETALL.APP is built GDPR-first. We process personal data lawfully, fairly and transparently, and we give our customers the tools and contractual guarantees they need to meet their own GDPR obligations.
Controller & processor roles
For customer CRM content, our customers are the controllers and we are the processor, acting only on documented instructions under our Data Processing Agreement (DPA).
Principles we apply
We implement the GDPR principles by design and by default:
- Lawfulness, fairness and transparency
- Purpose limitation and data minimization
- Accuracy and storage limitation
- Integrity and confidentiality (security)
- Accountability — documented, auditable processes
Data subject rights
The platform provides native tooling to support access, rectification, erasure (right to be forgotten), restriction, portability and objection. Personal data can be exported in JSON/CSV and fully erased on request.
Security measures
Tenant isolation, AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, optional 2FA, and an immutable audit trail. See our Security page for the full list.
EU hosting & transfers
All production data is hosted within the EU (Germany and Finland). Sub-processors are vetted and listed publicly, with Standard Contractual Clauses in place where required.
Breach notification
We maintain an incident response process and will notify affected controllers without undue delay, and within 72 hours where the GDPR requires, providing the information needed for onward notification.
Get the DPA
A Data Processing Agreement is generated automatically at sign-up and is available on request at dpo@betall.app.
Questions about this document? Contact legal@betall.app or our data protection officer at dpo@betall.app.