Data Protection

Last updated: March 2, 2026

1. Data Controller

The data controller for aidesign.guide is:

Romina Kavcic
Slovenia, European Union
info@aidesign.guide

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by the GDPR:

  • Contract performance — processing necessary to provide your subscription and account services (Article 6(1)(b)).
  • Consent — for marketing emails and newsletters. You can withdraw consent at any time (Article 6(1)(a)).
  • Legitimate interest — for analytics, security, and fraud prevention, where our interest does not override your rights (Article 6(1)(f)).
  • Legal obligation — where required by tax, accounting, or other applicable laws (Article 6(1)(c)).

3. Cross-Border Data Transfers

Some of our third-party processors are based outside the European Economic Area (EEA), including in the United States. We ensure adequate protection through:

  • EU-US Data Privacy Framework (for certified US companies).
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Selecting processors that maintain adequate security certifications (SOC 2, ISO 27001).

Third-party processors involved in cross-border transfers include Stripe (payments), Vercel (hosting), and Google (authentication).

4. Data Protection Measures

We implement the following technical and organizational measures:

  • All data transmitted via HTTPS/TLS encryption.
  • Passwords hashed using industry-standard algorithms.
  • Access to personal data restricted to authorized personnel only.
  • Regular review of third-party processor security practices.
  • Payment data processed and stored exclusively by Stripe (PCI DSS Level 1 certified).

5. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk.
  • Document the breach, its effects, and remedial actions taken.

6. Your Rights

Under the GDPR, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. For full details, see our Privacy Policy.

To exercise your rights, email info@aidesign.guide. We will respond within 30 days.

7. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia:

Informacijski pooblaščenec RS
Dunajska cesta 22, 1000 Ljubljana, Slovenia
www.ip-rs.si

8. Children's Data

Our Site is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.