GDPR Compliance
Last Updated: October 1, 2025
Summary: Found Opportunity is committed to protecting the privacy rights of European Union users. We comply with the General Data Protection Regulation (GDPR) through data minimization, transparency, and respect for user rights.
1. Our Role Under GDPR
Found Opportunity acts as a Data Processor when handling email data on behalf of our users (who are Data Controllers). We process personal data only as instructed by you and solely for the purpose of identifying business opportunities in your spam folder.
2. Legal Basis for Processing
We process personal data under the following lawful bases:
- Legitimate Interest (Article 6(1)(f)): Processing spam folder emails to identify business opportunities serves your legitimate commercial interests
- Consent (Article 6(1)(a)): You explicitly authorize access to your spam folder via OAuth authentication
- Contract Performance (Article 6(1)(b)): Processing is necessary to deliver the service you've contracted for
3. GDPR Principles We Follow
3.1 Data Minimization
We collect and process only the minimum data necessary:
- Email subject lines from the spam folder
- Sender email addresses
- AI-generated opportunity analysis
- We do NOT store full email bodies, attachments, or content from other folders
3.2 Purpose Limitation
Data is used exclusively for identifying real estate opportunities in your spam folder. We never use your data for:
- Marketing to you (beyond service updates you authorize)
- Selling or sharing with third parties
- Training AI models for other purposes
- Any purpose beyond our stated service
3.3 Storage Limitation
All opportunity data is automatically deleted after 7 days. This short retention period minimizes risk and ensures we don't hold data longer than necessary for service delivery and quality improvement.
3.4 Accuracy
You can review and correct any inaccurate information in your account settings at any time.
3.5 Integrity and Confidentiality
We protect your data using:
- End-to-end encryption (TLS 1.3) for all data transmission
- Encrypted database storage
- Access controls limiting who can view your data
- Regular security audits and penetration testing
- SOC 2 Type II compliance (in progress)
4. Your Rights Under GDPR
As an EU data subject, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Limit how we process your personal data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
How to Exercise Your Rights
To exercise any of these rights, email us at privacy@foundopportunity.com with:
- Your name and account email
- The specific right you wish to exercise
- Any additional details to help us fulfill your request
We will respond within 30 days as required by GDPR Article 12(3).
5. Data Transfers Outside the EU
Found Opportunity is based in the United States. When you use our service, your data may be transferred to and processed in the US. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs for international data transfers
- Security Measures: Encryption, access controls, and security protocols equivalent to EU standards
- Data Processing Addendum: Our DPA includes GDPR-compliant terms
6. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify you within 72 hours of discovering the breach (GDPR Article 33)
- Provide details about the breach, affected data, and remediation steps
- Report to relevant supervisory authorities as required
7. Automated Decision-Making
Our AI analyzes emails to identify opportunities, but:
- You retain full control over which opportunities to pursue
- No automated decisions are made that legally or significantly affect you without human review
- You can contest AI classifications and request human review
8. Children's Privacy
Found Opportunity is not intended for individuals under 16. We do not knowingly collect data from children. If you believe we've inadvertently collected data from a child, contact us immediately at privacy@foundopportunity.com.
9. Supervisory Authority
If you're located in the EU and believe we're not complying with GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
10. Data Protection Officer
For GDPR-related questions or concerns, contact our data protection team:
- Email: privacy@foundopportunity.com
- Subject line: GDPR Inquiry
- Address: Found Opportunity, PO Box 727, Wainscott, NY 11975
Questions about our GDPR compliance? Email us at privacy@foundopportunity.com and we'll respond within 2 business days.