GDPR Compliance
How CakeMate protects your data under the General Data Protection Regulation.
Our Commitment to GDPR
CakeMate is fully committed to complying with the EU General Data Protection Regulation (GDPR). As a platform headquartered in Dublin, Ireland, we are subject to GDPR and have built our systems and processes with data protection by design and by default.
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance: Processing necessary to provide the Service you requested (account management, order processing, data storage).
- Legitimate Interest: Platform improvement, security monitoring, and fraud prevention.
- Consent: Marketing communications and non-essential analytics cookies.
- Legal Obligation: Compliance with tax, accounting, and regulatory requirements.
Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data (“right to be forgotten”).
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email us at privacy@cakemate.io. We will respond within 30 days as required by GDPR.
Data Processing & Sub-processors
We use carefully selected sub-processors to provide the Service. All sub-processors are contractually obligated to process data in compliance with GDPR. Our primary sub-processors include:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud hosting & infrastructure | EU (Ireland) |
| Stripe | Payment processing | EU / US |
| Postmark | Transactional email | US (SCCs) |
Data Security Measures
- All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
- Role-based access control (RBAC) with the principle of least privilege.
- Regular security audits and vulnerability assessments.
- Automated backup with point-in-time recovery.
- Data hosted in AWS EU-West-1 (Ireland) region.
Data Protection Officer
For GDPR-related enquiries or to submit a data subject request, contact our Data Protection Officer:
Email: dpo@cakemate.io
Address: CakeMate, Dublin, Ireland
Supervisory Authority
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland or your local supervisory authority.