GDPR Compliance
Learn how Shadcn Search complies with the General Data Protection Regulation (GDPR) to protect the personal data of EU/EEA residents.
Overview
At Shadcn Search (the "Company", "we", "us", or "our"), we are committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 when processing personal data of individuals located in the European Union ("EU") or European Economic Area ("EEA").
This GDPR Compliance Statement outlines how we collect, use, process, store, and disclose your personal data in accordance with the GDPR when you use our search, discovery, account, and related services.
This statement applies specifically to the personal data of EU/EEA residents who use our search platform and related services.
Data Controller & Scope
The entity responsible for deciding how your personal data is processed ("Data Controller") is Shadcn Search.
Scope of Application
This statement applies to all personal data processing activities related to EU/EEA residents who use our Service, including account access, search functionality, saved preferences, analytics, support, and optional billing features.
Geographic Scope
These protections apply regardless of where the data processing takes place, as long as you are an EU/EEA resident using our services.
Legal Basis for Processing
We process personal data under the following GDPR-compliant legal bases:
Consent
When you have explicitly provided your consent, such as opting into non-essential cookies, communications, or other optional features.
Contractual Necessity
To provide and manage your account, deliver search and discovery features, process subscriptions or purchases where applicable, and provide the Service in accordance with our Terms of Service.
Legal Obligation
To comply with legal requirements such as financial regulations, tax obligations, and law enforcement requests.
Legitimate Interests
To protect our business interests, such as improving search quality, measuring performance, preventing fraud, ensuring security, maintaining reliability, and providing customer support. We always balance our legitimate interests against your rights and freedoms.
Personal Data We Process
For complete details on what personal data we collect and how we use it, please see our Privacy Policy. In summary, we may collect:
Contact details (name, email address, profile information)
Account information (login credentials, account preferences)
Search queries, saved items, favorites, or other product interactions
Payment details processed through secure third-party processors
Usage data and analytics (IP address, device information, usage patterns)
Technical data necessary for search, security, performance, and service delivery
We only collect and process personal data that is relevant, adequate, and limited to what is necessary for providing and improving our Service.
Your GDPR Rights
As an EU/EEA resident, you have the following rights regarding your personal data under the GDPR:
Right to be Informed
You have the right to be informed about how your personal data is collected and used
Right of Access
You can request a copy of the personal data we hold about you
Right to Rectification
You can request that we correct any inaccuracies in your personal data
Right to Erasure ('Right to be Forgotten')
You can request that we delete your personal data under certain conditions
Right to Restrict Processing
You can request that we limit the way in which we use your personal data
Right to Data Portability
You can request to receive your personal data in a structured, commonly used, and machine-readable format
Right to Object
You can object to the processing of your personal data under certain circumstances, such as direct marketing
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects
How to Exercise Your Rights: To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within one month, or sooner where feasible.
International Data Transfers
We may transfer your personal data to countries outside the EU/EEA where we or our service providers operate hosting, authentication, analytics, search, database, payment, or support infrastructure. When doing so, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs)
We incorporate SCCs approved by the European Commission for transfers to third countries, ensuring your data receives adequate protection.
Adequacy Decisions
Where the European Commission has determined that a non-EU country ensures adequate data protection, we may rely on such decisions for transfers.
Additional Safeguards
Our service providers may maintain additional safeguards such as Binding Corporate Rules to ensure consistent protection of your data.
If you would like more information on the specific mechanisms used to transfer your personal data, please contact us using the details below.
Search & Service Processing
Our Service involves specific processing activities that we want to make transparent:
Search and Discovery
We may process search queries, filters, page interactions, and saved resources to return relevant results, improve ranking, and make the Service easier to use.
Recommendations and Ranking
Search ranking, sorting, and recommendations may be automated. These features are designed to organize results and do not produce legal or similarly significant effects on you.
Preferences and Saved Data
If you use account features, we may retain saved resources, preferences, and related activity for as long as needed to provide those features or until deletion is requested.
Data Retention & Security
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with our legal obligations. Specific retention periods include:
Account data: While your account is active plus reasonable period after closure
Saved searches, favorites, and preferences: While needed to provide account features unless deletion is requested
Analytics and technical logs: Retained for a limited period to maintain security, reliability, and product performance
Security Measures
We implement appropriate technical and organizational security measures to safeguard your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access:
Encryption of data in transit and at rest
Access controls and authentication systems
Regular security assessments and updates
Secure hosting and service processing environments
Staff training on data protection principles
Complaints & Supervisory Authority
If you believe we are processing your personal data in a way that infringes upon your rights or violates the GDPR, we encourage you to contact us first using the details provided below.
Contact Us First
We are committed to resolving any concerns you may have about our data processing practices. Please reach out to us at support@shadcnsearch.dev and we will work to address your concerns promptly.
Supervisory Authority
You also have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State where you live, work, or where the alleged infringement of data protection law has taken place. You can find your local data protection authority through the European Data Protection Board website.
We will cooperate fully with any supervisory authority investigations and work to resolve any identified issues.
Contact Information
For any questions about this GDPR Compliance Statement, to exercise your rights, or to raise concerns about our data processing practices, please contact us:
We will respond to your GDPR-related requests within one month of receipt, and will provide updates if additional time is needed for complex requests.
This GDPR Compliance Statement is part of our commitment to data protection and privacy rights for all EU/EEA residents using Shadcn Search.