VYRALVYRAL
Log inSign up for early launch

GDPR Compliance

Last updated: December 2025

VYRAL is fully committed to GDPR compliance. We have implemented comprehensive measures to ensure the protection of personal data for all our users.

Our GDPR Commitments

Data Minimization

We only collect data that is necessary for providing our service. We do not collect excessive or unnecessary personal information.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes:

  • Providing analytics and performance insights
  • Enabling AI-powered content coaching
  • Enabling user-initiated content publishing to LinkedIn
  • Processing payments and managing subscriptions

We do not process data in ways incompatible with those purposes.

Storage Limitation

We retain personal data only for as long as necessary. When you delete your account, your data is permanently removed.

Security

We implement:

  • Encryption at rest and in transit (TLS 1.2+)
  • Row-level security (RLS) ensuring users only access their own data
  • Secure authentication with hashed passwords
  • OAuth tokens stored with AES-256 encryption
  • Regular security audits and monitoring
  • Access controls limiting employee access to personal data

Transparency

Our Privacy Policy clearly explains what data we collect, how we use it, and your rights.

Data Subject Rights

We fully support all GDPR rights:

  • Right of Access – Request a copy of your data
  • Right to Rectification – Correct inaccurate data
  • Right to Erasure – Delete your account and all data
  • Right to Restrict Processing – Limit how we use your data
  • Right to Data Portability – Export your data
  • Right to Object – Object to certain processing
  • Rights Related to Automated Decision-Making – Human review of AI decisions

Consent for LinkedIn Publishing

Publishing content to LinkedIn requires your explicit action. We implement a clear consent model:

  • You must click "Publish" and confirm before any content is posted
  • You can review and edit content before publishing
  • Scheduled posts can be cancelled at any time before publishing
  • You can revoke publishing permissions by disconnecting LinkedIn

Lawful Basis for Processing

We process personal data under the following legal bases:

  • Contract – Processing necessary to provide our service (Art. 6(1)(b))
  • Consent – Where you have given explicit consent, including LinkedIn publishing (Art. 6(1)(a))
  • Legitimate Interest – For service improvement and security (Art. 6(1)(f))
  • Legal Obligation – Where required by law (Art. 6(1)(c))

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all our sub-processors, ensuring they meet GDPR requirements.

International Transfers

Where data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

AI and Data

We do not use customer data outside VYRAL. Any data used for analytics or AI is fully anonymized and cannot be traced back to individual users. We do not sell, share, or monetize your personal data in any way.

Data Protection Officer

For GDPR-related inquiries, you can contact us at: johan@getvyral.io

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

For Denmark: Datatilsynet (Danish Data Protection Agency)

Summary

  • ✓ Full GDPR compliance
  • ✓ Encryption at rest and in transit
  • ✓ Row-level security
  • ✓ Right to deletion at any time
  • ✓ DPAs with all sub-processors
  • ✓ No data selling or sharing
  • ✓ Anonymized AI processing
  • ✓ Explicit consent for LinkedIn publishing