GDPR Compliance

How aFFirmFirst complies with the UK GDPR and EU GDPR, and how you can exercise your data rights.

Last updated: June 3, 2026

1. Our Commitment

aFFirmFirst is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). We process personal data lawfully, fairly, and transparently, and we apply privacy-by-design and privacy-by-default principles across our platform.

2. Data Controller & Processor Roles

For account and billing data, aFFirmFirst acts as the data controller. For the assets and content you upload to be protected and delivered, aFFirmFirst acts as a data processor, processing that content solely on your instructions to provide the Service.

3. Lawful Basis for Processing

  • Contract: To provide the Service you have subscribed to, including encrypted streaming, domain locking, and analytics.
  • Legitimate Interests: To secure our infrastructure, detect and prevent scraping, fraud, and abuse, and to improve the Service.
  • Legal Obligation: To comply with tax, accounting, and other legal requirements.
  • Consent: Where required, for example certain optional communications. You may withdraw consent at any time.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Rights Related to Automated Decision-Making: We do not use solely automated decision-making that produces legal effects concerning you.

5. How to Exercise Your Rights

You can exercise most rights directly from your account settings, or by contacting our Data Protection Officer. We will respond to verified requests within one month, as required by GDPR. We do not charge a fee for handling standard requests.

6. International Data Transfers

Where personal data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and providers certified under recognised data protection frameworks. Our infrastructure runs on Cloudflare's global edge network with strong security controls.

7. Data Retention

Account data is retained for the duration of your subscription plus 30 days after cancellation. Audit logs are retained for 90 days (Pro) or 1 year (Enterprise). After the applicable retention period, data is securely deleted or anonymised.

8. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, in line with GDPR requirements.

9. Right to Lodge a Complaint

If you believe your data has not been handled in accordance with the law, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

10. Contact Our Data Protection Officer

To exercise your rights or raise any GDPR-related concern, contact our Data Protection Officer at privacy@affirmfirst.com or write to: aFFirmFirst, Cheshire, United Kingdom.