GDPR Compliance Statement
Last Updated: June 28, 2026
This GDPR Compliance Statement complements our Privacy Policy and provides specific information for residents of the European Economic Area (EEA) and the United Kingdom (UK) regarding how Squaby (“we,” “our,” or “us”) collects, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR).
Data Controller
For the purposes of the GDPR, Squaby acts as the Data Controller for the personal data collected directly through our educational platform (squaby.com), including newsletter subscriptions, support requests, and site analytics.
Note on Third-Party Services: For third-party financial services integrated into our Site (such as the ChangeNOW crypto swap widget), the respective third party acts as the independent Data Controller regarding any financial or transactional data you provide directly to them.
Legal Basis for Processing Personal Data
We will only process your personal data when we have a valid legal basis to do so under Article 6 of the GDPR. Our legal bases include:
- • Consent: When you explicitly opt-in to receive our newsletter or marketing communications. You have the right to withdraw this consent at any time.
- • Legitimate Interests: To analyze website traffic, ensure the security of our platform, prevent fraud, and improve our educational (Squaby Academy) and analytical (Squaby Pro) services, provided these interests are not overridden by your data protection rights.
- • Contractual Necessity: When processing is required to provide specific services, resources, or agreements requested by you.
- • Legal Obligation: When processing is necessary to comply with applicable laws, regulatory requirements, or legal demands.
Your Data Protection Rights
Under the GDPR, you have the following rights regarding your personal data, which you can exercise at any time:
• The Right of Access (Article 15): You have the right to request copies of your personal data held by us.
• The Right to Rectification (Article 16): You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The Right to Erasure / “Right to be Forgotten” (Article 17): You have the right to request that we erase your personal data, under certain conditions.
• The Right to Restrict Processing (Article 18): You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Data Portability (Article 20): You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The Right to Object (Article 21): You have the right to object to our processing of your personal data, particularly for direct marketing purposes.
To exercise any of these rights, please contact us using the information provided in the section below. We will respond to your request within one month, as required by GDPR law.
International Data Transfers
Squaby operates globally. Your data may be transferred to, and processed in, countries outside of the EEA or the UK. When we transfer your personal data internationally, we ensure a similar degree of protection is afforded to it by utilizing safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or ensuring the destination country has been deemed to provide an adequate level of protection.
Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. When we no longer have a legitimate business need to process your personal data, we will either delete or anonymize it.
Contact & Supervisory Authority
If you have any questions about this GDPR Compliance Statement, the data we hold on you, or if you would like to exercise one of your data protection rights, please contact us at:
- Website: squaby.com
- Email: dpo@squaby.com
If you are a resident of the EEA or the UK and feel that our processing of your personal data infringes data protection laws, you have the legal right to lodge a complaint with your local supervisory authority responsible for data protection.