Needle is GDPR Ready

Are Needle services GDPR compliant?

Yes. Needle is committed to transparent and secure handling of all personal data. Our processes have been reviewed to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR). We have implemented all necessary technical and organizational measures to protect your data.

What is Needle's role with respect to GDPR?

Needle acts as both a data controller and a data processor. Needle acts as a data controller for user information that we collect to provide our service and customer support. When processing your personal data for service delivery, Needle acts as a data processor in compliance with GDPR requirements.

Does Needle offer a Data Processing Addendum (DPA)?

Yes. If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, Needle makes one available at: Data Processing Addendum.

For questions or to execute a DPA, please contact support@useneedle.net.

How do you Delete User Data?

Needle lets you delete your account and all associated data permanently. To delete your data:

1. Go to your Settings
2. Click "Delete My Account"
3. Read the warning carefully
4. Confirm deletion
5. You will be logged out immediately
6. Account deletion will complete within 24 hours

How do you Export User Data?

Needle lets you export all your data in machine-readable formats (JSON, CSV). To export your data:

1. Go to your Settings
2. Click "Export My Data"
3. Select format (JSON or CSV)
4. Wait for export to complete (you will receive an email)
5. Download your data file

How is my data in Needle protected from misuse?

All data, including personal data, is protected by:

• Encryption: AES-256 encryption for sensitive data at rest
• Encryption in Transit: All data transmitted over HTTPS/TLS
• Access Controls: User-specific encryption keys and authentication
• Data Minimization: We only collect data necessary for service delivery
• Automatic Deletion: Old data is automatically deleted based on retention policies
• Security Audits: Regular security reviews and updates

How do you address a customer's request to 'Opt-Out Analytics'?

You can opt out of analytics tracking in two ways:

• In product: Use Manage cookies in the site footer (or the cookie banner) to turn off optional analytics, and open Account settings for email-related preferences where shown.
• Email Request: Contact support@useneedle.net to opt out

Opting out takes effect immediately. No analytics events will be tracked after you withdraw consent.

How do you address 'Data Rectification' requests?

GDPR includes a right for individuals to have inaccurate personal data rectified. In Needle, you can:

• Go to your Settings
• Update any incorrect information
• Click "Save"
• Changes are applied immediately

For name and photo: if your account is linked to Google sign-in, update your Google Account- changes sync on your next login. If you signed in with email link, your display name comes from your email; update other details in Settings.

Do I need to move my data to an EU data center?

Needle uses data centers and services that comply with GDPR requirements:

• Database: US-based with EU data centers available (Standard Contractual Clauses)
• Email: EU-based (no cross-border transfer)
• Storage: EU jurisdiction for data exports
• Cache: Global with EU/US regions available

All data transfers are protected by Standard Contractual Clauses (SCCs) where applicable. You do not need to move your data manually.