GDPR · General Data Protection Regulation

Effective May 10, 2026

A summary of how Tudo complies with the EU/UK GDPR — lawful bases, your rights, and how cross-border transfers are protected.

1. Who this applies to

This page is the EU- and UK-resident summary of how Tudo complies with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR. It complements our Privacy Policy.

2. Lawful bases (Art. 6 GDPR)

  • Performance of contract — to deliver the Service you signed up for (account, billing, hosting, transactional emails).
  • Legitimate interests — security, abuse prevention, minimal product analytics, account-level support.
  • Consent — non-essential cookies, marketing communications, optional integrations.
  • Legal obligation — tax, anti-fraud, and data-protection obligations.

3. Your rights (Arts. 15–22 GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Have it corrected if inaccurate.
  • Have it erased ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where consent was the basis.
  • Lodge a complaint with your local supervisory authority (your EU Member State DPA, or the UK ICO).

The first four are self-serve from Settings → Profile → Your data inside Tudo. For anything else write to privacy@usetudo.com — we respond within 30 days as required by Art. 12.

4. International transfers (Chapter V)

Tudo is hosted in the United States. For EU/UK personal data, we rely on the EU Standard Contractual Clauses (Module 2: Controller-to-Processor) and the UK International Data Transfer Addendum. Both are incorporated by reference into our DPA.

5. EU / UK representative

While Tudo is based in the United States, we maintain channels with EU/UK regulators through our Brazilian and US legal teams. Until we appoint a formal Art. 27 representative, all GDPR/UK GDPR correspondence is handled by privacy@usetudo.com.

6. Personal data breaches (Arts. 33–34)

We notify the relevant supervisory authority within 72 hours of becoming aware of a breach likely to result in risk to individuals' rights and freedoms, and notify affected data subjects without undue delay where the risk is high.