1. Purpose
This policy describes how GoRabbit governs, secures and processes data in the service. The aim is to ensure that personal data, campaign data and operational data are handled in a safe, transparent and verifiable way.
2. Roles and responsibilities
GoRabbit operates primarily as a data processor for the customer's data, unless otherwise agreed. The customer is the data controller and determines the purpose and basis for data processing.
- GoRabbit processes data only on documented instructions.
- The customer is responsible for the lawfulness of data uploaded, generated or processed through the service.
- Any sub-processors are used only with a documented agreement (DPA).
3. Data processed
GoRabbit handles the following categories of data:
- campaign texts, images, ideas and content
- settings for publishing and automation
- user data for login and access management
- technical logs for stability and troubleshooting
4. Storage & processing
All data is stored and processed within the EEA. GoRabbit uses encrypted communication and strict access management for all operations.
5. Access management
Access to data is limited to authorised operators who need it to deliver the service or carry out troubleshooting. Access rights are reviewed regularly and logged through internal control mechanisms.
6. Security principles
GoRabbit follows established security principles inspired by recognised frameworks such as ISO 27001 and CIS Controls, without claiming full certification. This involves:
- encryption in transit
- continuous security assessment of modules and processes
- logging of relevant events
- strict operator access
7. Sharing & sub-processors
Data is shared only with sub-processors necessary for the service, and always with a documented data processing agreement (DPA).
8. Backup & continuity
GoRabbit maintains backup and recovery routines to ensure the stability of the service. The aim is that customer data can be restored within reasonable time in the event of an interruption.
9. Access & deletion
Customers can request access, export or deletion of their own data. GoRabbit assists as a data processor in line with the data processing agreement (DPA).
10. Changes to the policy
The Data Governance Policy is updated as needed to reflect changes in the service or the regulations. Changes are communicated through the platform or by email.