Global Compliance
Last updated: 2025-09-19
LeafLock is committed to protecting your privacy and meeting regulatory requirements across key jurisdictions, including the European Union, United States, United Kingdom, Canada, and Asia-Pacific regions. This document outlines your rights and how we comply with international privacy laws.
Your Privacy Rights
European Union (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of your personal data we hold
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data (“right to be forgotten”)
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Object: Object to certain types of processing
United States
Under state privacy laws (CCPA, CPRA, CPA, VCDPA), you may have the right to:
- Know what personal information is collected and how it’s used
- Delete personal information we have about you
- Opt out of the sale or sharing of personal information
- Non-discrimination for exercising your privacy rights
United Kingdom
Under the UK GDPR and the Data Protection Act 2018, you have similar rights to EU users:
- Access, rectification, erasure, portability, restriction, and objection rights
- Right to withdraw consent where processing is based on consent
Canada
Under PIPEDA and provincial legislation, you have the right to:
- Know how your personal information is being used
- Access your personal information
- Request correction of errors
- File complaints with privacy commissioners
Asia-Pacific
- Singapore (PDPA): Right to access and correct personal data
- Australia (APP): Right to access and correct personal information
- China (PIPL): Right to know, delete, correct, and port personal information
How We Protect Your Data
Security by Design
- End-to-end encryption: Your notes are encrypted on your device before reaching our servers
- Zero-knowledge architecture: We cannot read your notes even if we wanted to
- Secure authentication: Industry-standard password hashing and secure session management
- Regular security audits: Automated vulnerability scans and security testing
Data Minimization
- We only collect data necessary to provide our service
- Personal data is automatically deleted according to our retention policies
- Analytics data is anonymized where possible
Transparency
- Clear privacy notices explaining how we handle your data
- Regular updates to our privacy documentation
- Open-source codebase for security transparency
Accessibility and Inclusion
LeafLock is designed to meet WCAG 2.1 AA accessibility guidelines and supports users with disabilities. We continuously work to improve accessibility and welcome feedback on how we can better serve all users.
Data Transfers
When your data is transferred outside your region, we implement appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions to ensure your data remains protected.
Incident Response
In the unlikely event of a security incident affecting your personal data:
- We will notify you promptly if your data may be at risk
- We will notify relevant authorities within required timeframes
- We will provide clear information about what happened and what we’re doing about it
Contact
For compliance questions, email contact@leaflock.app.