GDPR Compliance
Understand how CargoLint handles personal data, consent management, and data subject rights.
Data Processing Overview
CargoLint processes documents containing personal data on behalf of customers. We act as a Data Processor under GDPR, and our customers are Data Controllers.
Types of Personal Data
Documents processed may contain:
- Business contact information (names, emails, phone numbers)
- Addresses (billing, shipping, corporate)
- Tax identification numbers
- Signature images or initials
- Company employee names and titles
Consent Management
CargoLint tracks user consent for key areas including terms of service, privacy policy, and marketing communications.
Recording Consent
curl -X POST https://api.cargolint.com/api/v1/gdpr/consent \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"consentType": "privacy_policy",
"granted": true
}'
Viewing Consent Records
curl -X GET https://api.cargolint.com/api/v1/gdpr/consent \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Right to Access (Data Export)
You can request a complete export of your personal data in JSON format:
curl -X POST https://api.cargolint.com/api/v1/gdpr/export \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Check the status of your export request:
curl -X GET https://api.cargolint.com/api/v1/gdpr/export/{export_id} \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Download the completed export:
curl -X GET https://api.cargolint.com/api/v1/gdpr/export/{export_id}/download \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
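The three export calls above combined into one script, added here as an example and not CargoLint's own code: it polls until the export is ready and saves the file readable by its owner only, because the export contains personal data. The response fields `id` and `status`, the status values `completed` and `failed`, and the `CARGOLINT_JWT` environment variable are assumptions; the page does not document the response bodies.

```python
import json
import os
import time
import urllib.request
from urllib.parse import quote

API = "https://api.cargolint.com/api/v1/gdpr/export"

def http_send(method, url, token):
    """Real transport: returns the raw response body as bytes."""
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def export_personal_data(token, out_path, send=http_send,
                         poll_seconds=5, max_polls=60, sleep=time.sleep):
    """Request an export, poll until it is ready, save it with mode 0600."""
    # ASSUMPTION: the POST response is JSON with an "id" field.
    eid = quote(str(json.loads(send("POST", API, token))["id"]), safe="")
    for _ in range(max_polls):
        # ASSUMPTION: the status response is JSON with a "status" field
        # whose values include "completed" and "failed".
        status = json.loads(send("GET", f"{API}/{eid}", token)).get("status")
        if status == "completed":
            break
        if status == "failed":
            raise RuntimeError(f"export {eid} failed")
        sleep(poll_seconds)
    else:
        raise TimeoutError(f"export {eid} not ready after {max_polls} polls")
    body = send("GET", f"{API}/{eid}/download", token)
    json.loads(body)  # the page says the export is JSON; reject anything else
    # The export holds personal data: create the file with mode 0600 and
    # refuse to overwrite or follow an existing path (O_EXCL).
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return eid

if __name__ == "__main__":
    # The token is read from the environment so it stays out of shell history.
    print(export_personal_data(os.environ["CARGOLINT_JWT"], "cargolint-export.json"))
```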
Right to Deletion (Account Deletion)
You can request deletion of your account and personal data:
curl -X DELETE https://api.cargolint.com/api/v1/gdpr/account \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"confirmEmail": "your@email.com"}'
Account deletion performs the following:
- Anonymizes your email and personal data
- Removes OAuth login links
- Deletes 2FA recovery codes
- Removes consent records and export requests
- Soft-deletes your organization if you are the sole owner
- Anonymizes IP addresses and user agents in audit logs
Data Retention Policies
- Active Account Data - Retained for contract duration
- After Account Deletion - Data anonymized immediately
- Audit Logs - IP and user agent anonymized upon account deletion
Sub-Processors
CargoLint uses the following sub-processors for essential functions:
| Sub-Processor | Purpose | Region |
|---|---|---|
| Microsoft Azure | Cloud infrastructure and AI services | Configurable |
| Stripe | Payment processing | US |
| SendGrid | Email notifications | US |
Compliance Features
- End-to-end encryption for all data in transit
- Comprehensive audit logs for compliance verification
- User consent tracking and management
- Full data export capability
- Account deletion with data anonymization