Literra Logo
Literra
Go to App

GDPR Compliance

Back

Last updated: May 24, 2025

1. Introduction

Literra is committed to compliance with the General Data Protection Regulation (GDPR). This document outlines how we adhere to GDPR principles and details your rights regarding your personal data when using our Service. This GDPR Compliance document should be read alongside our Privacy Policy, which provides more information about our data processing activities.

2. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

  • Consent: You have given explicit consent for us to process your data for specific purposes, such as when you opt-in to receive communications from us.
  • Contract: Processing is necessary for the performance of a contract with you, such as providing our academic writing assistance service.
  • Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, such as improving our services, ensuring security, and preventing fraud.

3. Your Rights Under GDPR

Under GDPR, you have the following rights, which you can exercise by contacting us at gdpr@literra.xyz:

  • Right to access: You have the right to request a copy of your personal data that we hold.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We will respond to your requests within one month, though this period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests.

4. How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at gdpr@literra.xyz. We may need to verify your identity before fulfilling your request. You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

5. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). These countries may have data protection laws that differ from those in your country of residence.

We ensure appropriate safeguards are in place to protect your data when transferred internationally, such as:

  • Using standard contractual clauses approved by the European Commission
  • Transferring to countries with an adequacy decision from the European Commission
  • Implementing appropriate technical and organizational measures to ensure data protection

6. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing, assessing, and evaluating the effectiveness of our security measures
  • Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore access to personal data in a timely manner in the event of a physical or technical incident
  • Regular staff training on data protection and security practices

7. Data Minimization and Retention

We adhere to the principle of data minimization, collecting only the personal data necessary for the specified purposes. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different types of personal data may be retained for different periods. The criteria we use to determine retention periods include:

  • The purposes for which we collect and process the data
  • Legal obligations that require us to retain data for specific periods
  • Limitation periods for legal claims
  • Guidelines issued by relevant data protection authorities

8. Data Processing Records

We maintain records of our data processing activities as required by GDPR Article 30. These records include information about the categories of personal data we process, the purposes of processing, data subject categories, recipients of personal data, international transfers, retention periods, and security measures.

9. Data Protection Impact Assessments

Where processing operations are likely to result in a high risk to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) in accordance with GDPR requirements. These assessments help us identify and minimize data protection risks in our processing activities.

10. Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. We will also notify affected individuals directly if the breach is likely to result in a high risk to their rights and freedoms.

11. Data Protection Officer

You can contact our Data Protection Officer with questions or concerns about our data processing activities at dpo@literra.xyz.

12. Complaints

If you have a concern about our privacy practices, including the way we handled your personal data, you can contact us at gdpr@literra.xyz. You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

To exercise your GDPR rights or for questions about our GDPR compliance, please contact us at gdpr@literra.xyz.