GDPR Compliance

Your data rights and how we protect them

Last updated: 18/09/2025

What Is GDPR?

The General Data Protection Regulation (GDPR) is a European law that gives people strong rights over their personal data. Even though cub.ooo is based in the US, we believe everyone deserves these protections, so we apply GDPR-style rights to all our users worldwide.

About Us

Data Controller: Ashoor AI, Inc.

Address: 2810 North Church Street PMB 356782, Wilmington, DE 19802, US

Data Protection Contact: hello@cub.ooo

EU Representative: Not required (we don't have an EU establishment)

Your Data Rights

Under GDPR and our commitment to privacy, you have these rights regarding your personal data:

πŸ” Right to Access

You can request a copy of all personal data we have about you and your child.

How to exercise: Email hello@cub.ooo with "Data Access Request" in the subject line.
Response time: Within 30 days, free of charge.

✏️ Right to Rectification

You can ask us to correct any personal data that's inaccurate or incomplete.

How to exercise: Most information can be updated directly in your cub.ooo account. For other corrections, email hello@cub.ooo.
Response time: Within 30 days, free of charge.

πŸ—‘οΈ Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data in certain circumstances.

When this applies: When data is no longer necessary, you withdraw consent, or data was processed unlawfully.
Limitations: We may need to keep some records for legal obligations (e.g., financial records for tax purposes).
How to exercise: Email hello@cub.ooo with "Data Deletion Request" in the subject line.

🚫 Right to Restrict Processing

You can ask us to limit how we use your data in certain situations.

When this applies: When you're disputing data accuracy, processing is unlawful, or you need data for legal claims.
How to exercise: Email hello@cub.ooo explaining your request.

πŸ“¦ Right to Data Portability

You can get your data in a format that's easy to move to another service.

What you get: Your profile information, child's data, photos, and messages in JSON or CSV format.
How to exercise: Email hello@cub.ooo with "Data Export Request" in the subject line.

βœ‹ Right to Object

You can object to certain types of data processing, particularly for marketing.

What this covers: Marketing emails, analytics tracking, and other non-essential processing.
How to exercise: Use unsubscribe links in emails or contact hello@cub.ooo.

Legal Basis for Processing

We process your data based on these legal grounds:

  • Contract Performance: To provide cub.ooo services as agreed in our Terms of Service
  • Legitimate Interests: To improve our service, provide customer support, and ensure security
  • Consent: For marketing communications and analytics (you can withdraw anytime)
  • Legal Obligations: To comply with financial, tax, and other legal requirements

Children's Data

We take extra care with children's information:

  • We only process children's data when parents/guardians have given explicit consent
  • Children's data is used only for legitimate nursery management purposes
  • Parents can exercise all GDPR rights on behalf of their children
  • We implement additional security measures for children's photos and videos
  • Data is shared only with authorized nursery staff and the child's parents/guardians

International Data Transfers

cub.ooo is hosted in the US, but we work with global service providers:

  • Primary hosting: US (AWS, Supabase, Vercel)
  • Analytics: US (Mixpanel)
  • Communications: US (Twilio, Resend, Intercom)
  • Payments: US (Stripe)

All our service providers implement appropriate safeguards for international data transfers, including standard contractual clauses and adequate security measures.

Data Retention

Active Accounts

We keep your data as long as your account is active and for legitimate business purposes.

After Account Deletion

Most data is deleted within 30 days. Some records may be kept longer for legal obligations (e.g., financial records for 7 years).

Backups

Data in system backups is automatically deleted within 90 days of account closure.

Data Breach Notification

If we discover a data breach that could affect your rights and freedoms, we'll notify you within 72 hours via email. We'll explain what happened, what data was involved, and what steps we're taking to fix the issue.

How to Exercise Your Rights

Quick Contact

Email: hello@cub.ooo

Subject Line: Include the type of request (e.g., "Data Access Request", "Data Deletion Request")

Response Time: Within 30 days (we'll confirm receipt within 48 hours)

What to Include in Your Request

  • Your full name and email address associated with your cub.ooo account
  • If requesting on behalf of a child, proof of parental authority
  • Clear description of what you're requesting
  • Any specific data categories you're concerned about

Identity Verification

To protect your privacy, we may ask you to verify your identity before processing requests involving sensitive data. This might include logging into your account or providing additional identification.

Right to Complain

If you're not satisfied with how we handle your data or respond to your requests, you have the right to file a complaint with a supervisory authority:

  • EU residents: Contact your local data protection authority
  • UK residents: Contact the Information Commissioner's Office (ICO)
  • US residents: While GDPR doesn't apply, you can contact your state attorney general

We'd prefer to resolve any concerns directly, so please contact us first at hello@cub.ooo.

Updates to This Policy

We may update this GDPR compliance information occasionally to reflect changes in our practices or legal requirements. We'll notify you of significant changes via email or app notification.

Questions?

Have questions about your data rights or our GDPR compliance? We're here to help. Contact our data protection team at hello@cub.ooo