GDPR Compliance

Overview
The EU General Data Protection Regulation (GDPR) is the most comprehensive data privacy regulation in history. Since May 25, 2018, it has set the standard for how organizations collect, use, and protect personal data of EU residents.
Tomba is committed to GDPR compliance and applies its principles across all our services.
Does GDPR Affect You?
GDPR applies to any processing of EU residents' personal data, regardless of where the processor or controller is located.
If you use Tomba from the US to reach US companies only, GDPR may not apply to your use case.
If any of your customers or leads are in the EU, you should ensure GDPR compliance.
In practice, most organizations worldwide need to consider GDPR requirements.
What Is GDPR?
GDPR establishes a new standard for how organizations handle personal information of individuals in the European Economic Area (EEA). Key principles include:
- Lawfulness, Fairness, and Transparency - Data must be processed legally and openly
- Purpose Limitation - Data collected for specific, legitimate purposes only
- Data Minimization - Only necessary data should be collected
- Accuracy - Data must be kept accurate and up to date
- Storage Limitation - Data retained only as long as necessary
- Integrity and Confidentiality - Data must be secured against unauthorized access
Your Organization's Responsibilities
Whether based in the EEA or not, organizations that process personal data of EEA individuals must:
- Process data in accordance with GDPR requirements
- Ensure service providers also comply with GDPR
- Protect employee and customer personal data
- Respond to data subject access requests
- Report data breaches within 72 hours
Tomba's GDPR Commitment
We have implemented comprehensive measures to ensure GDPR compliance:
1. Contractual Compliance
Our Data Processing Addendum incorporates GDPR requirements and is included in our Terms of Service. We commit to:
- Transparency - Never using your data except as you instruct
- Security - Maintaining appropriate technical and organizational measures
- Assistance - Supporting your data subject request obligations
2. Security Infrastructure
We continuously improve our security measures:
- Enterprise-grade firewall protection
- Web Application Firewall (WAF) through Cloudflare
- Two-factor authentication for all administrative access
- Regular security audits and updates
- Encrypted communications across all systems
3. Right of Erasure
We respect individuals' right to be forgotten:
- Data removed from source websites is automatically removed from our database
- Use our Claim feature to expedite data removal
- Options to update or completely remove personal data
4. Data Residency
All data storage and processing occurs exclusively within the European Union, including off-site backups.
5. Data Portability
GDPR guarantees users the right to download their data. Tomba has always enabled data export functionality.
Children's Privacy
Tomba does not knowingly collect personal data from children under 13. If you believe a child has provided personal data through our service, contact us immediately at support@tomba.io and we will promptly remove it.
Log Files
We maintain standard log files for security and analytics:
- IP addresses
- Browser type
- Date and time stamps
- Page views and navigation
These logs are not linked to personally identifiable information and are used for trend analysis, site administration, and security monitoring.
GDPR FAQ
How long do you store customer data? We store data while accounts are active and for up to 3 years after inactivity, or until deletion is requested.
Where is customer data stored? EU customer data is stored in European data centers (Germany) hosted by DigitalOcean and Cloudflare.
Who has access to personal information? Access is limited to customer support, development, and marketing teams, and only when necessary or with customer approval.
How do you handle deletion requests? We process deletion requests immediately upon receipt.
What data categories do you process? Name, email, phone number, address, IP address, timestamps, browser cookies, and additional data collected by customers.
Questions?
Review our Privacy Policy for detailed information on data processing.
For additional questions, contact our support team.