// Legal // GDPR

GDPR Compliance

Соответствие GDPR

Last updated: April 4, 2026

1. Summary

The EU General Data Protection Regulation (GDPR) grants residents of the European Union and the European Economic Area extensive rights over their personal data. OmniShield is built around data minimization, so we hold very little data about you to begin with — but the rights below still apply, and we honour them.

RU: Мы соблюдаем GDPR и обрабатываем запросы от резидентов ЕС в течение 30 дней.

2. Data Controller

OmniShield Operations

Data Protection Officer: [email protected]

General privacy enquiries: [email protected]

PGP key: /pgp.txt

3. Your Rights Under GDPR

  • Right of access (Art. 15): Receive a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure / right to be forgotten (Art. 17): Have your data permanently deleted.
  • Right to restriction of processing (Art. 18): Limit how we process your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable JSON format.
  • Right to object (Art. 21): Object to specific processing activities.
  • Right not to be subject to automated decision-making (Art. 22): We do not perform any automated decision-making with legal effect.
  • Right to lodge a complaint (Art. 77): File a complaint with your local supervisory authority.

4. Lawful Basis for Processing

  • Contract (Art. 6(1)(b)): The minimal account and subscription data we hold are necessary to deliver the service you purchased.
  • Legitimate interest (Art. 6(1)(f)): Bandwidth counters for free-tier abuse prevention.
  • Legal obligation (Art. 6(1)(c)): We retain payment records for 30 days to comply with anti-fraud and accounting requirements.

5. International Transfers

Our infrastructure spans multiple countries to provide low-latency egress. Account metadata is stored on servers located in the European Union and is not transferred to third countries. Egress nodes only process traffic in transit and do not persist any data.

6. How to Submit a Request

To exercise any of your rights:

  1. Email [email protected] with the subject [GDPR Request].
  2. Include your account number (or Telegram ID) and the right you wish to exercise.
  3. We may ask for additional verification to confirm your identity (e.g., a signed message from the account's recovery key).
  4. We respond to all valid requests within 30 days, free of charge.

7. Complaints

If you are unsatisfied with our response, you have the right to lodge a complaint with the data protection authority in your EU member state. A list of authorities is available at edpb.europa.eu.