Data Governance Policy

How GoRabbit handles data responsibility, data security and data processing.

1. Purpose

This policy describes how GoRabbit governs, secures and processes data in the service. The aim is to ensure that personal data, campaign data and operational data are handled in a safe, transparent and verifiable way.

2. Roles and responsibilities

GoRabbit operates primarily as a data processor for the customer's data, unless otherwise agreed. The customer is the data controller and determines the purpose and basis for data processing.

  • GoRabbit processes data only on documented instructions.
  • The customer is responsible for the lawfulness of data uploaded, generated or processed through the service.
  • Any sub-processors are used only with a documented agreement (DPA).

3. Data processed

GoRabbit handles the following categories of data:

  • campaign texts, images, ideas and content
  • settings for publishing and automation
  • user data for login and access management
  • technical logs for stability and troubleshooting

4. Storage & processing

All data is stored and processed within the EEA. GoRabbit uses encrypted communication and strict access management for all operations.

5. Access management

Access to data is limited to authorised operators who need it to deliver the service or carry out troubleshooting. Access rights are reviewed regularly and logged through internal control mechanisms.

6. Security principles

GoRabbit follows established security principles inspired by recognised frameworks such as ISO 27001 and CIS Controls, without claiming full certification. This involves:

  • encryption in transit
  • continuous security assessment of modules and processes
  • logging of relevant events
  • strict operator access

7. Sharing & sub-processors

Data is shared only with sub-processors necessary for the service, and always with a documented data processing agreement (DPA).

8. Backup & continuity

GoRabbit maintains backup and recovery routines to ensure the stability of the service. The aim is that customer data can be restored within reasonable time in the event of an interruption.

9. Access & deletion

Customers can request access, export or deletion of their own data. GoRabbit assists as a data processor in line with the data processing agreement (DPA).

10. Changes to the policy

The Data Governance Policy is updated as needed to reflect changes in the service or the regulations. Changes are communicated through the platform or by email.