The General Data Protection Regulation (GDPR) serves as the cornerstone for regulating the processing of personal data of European Union (EU) citizens. At ScarletApp, we uphold the fundamental objective of GDPR — to empower citizens with control over their personal data. Our products align seamlessly with the stringent EU privacy policy standards.

Navigating GDPR’s Comprehensive Framework

GDPR comprises 11 chapters housing nearly 100 articles that delineate the principles and regulations surrounding personal data processing. Here are key highlights from this regulatory landscape:

European Union – General Data Protection Regulation

Article 5: Principles for the Processing of Personal Data


ScarletApp assumes the role of a dependable custodian of personal data, utilizing customer information solely for the provision of educational services. We categorically affirm that these data are neither sold nor employed for marketing endeavors.

Article 17: Right to Forget


In adherence to GDPR, schools possess the authority to exclude ScarletApp users at any given time. Moreover, individual users retain the autonomy to delete their data from ScarletApp, and we promptly erase data from schools that cease to utilize our services.

Article 32: Processing Security


ScarletApp prioritizes the secure storage of confidential personal information. Our team members adhere to contractual confidentiality agreements, and our data security measures encompass internal policies, data management procedures, personal data access restrictions, encryption protocols (for inactive data and data transmission), system monitoring, contingency plans, and stringent control over unauthorized individuals accessing personal information during data transmission.

Additional GDPR Compliance Highlights

Article 33: Notification of a Breach of Personal Data to the Supervisory Authority


In compliance with GDPR, ScarletApp promptly notifies the supervisory authority within the stipulated 72-hour timeframe following the discovery of any personal data breach. Should such a breach occur, ScarletApp initiates swift customer notification, conducts thorough investigations, and expeditiously restores the integrity of affected data systems. We fully cooperate and furnish required reports to those impacted by the breach.

Article 35: Impact Assessment


ScarletApp diligently conducts various safety assessments of our systems. These safety tests occur periodically, with some performed annually, others more frequently, and certain assessments conducted continuously to ensure the ongoing robustness of our security protocols.

Article 37: Appointment of a Data Protection Officer


ScarletApp boasts a designated Data Protection Officer empowered to perform security controls and influence product development, reinforcing our commitment to safeguarding your data.

Article 44: General Principle of Transmission


To safeguard the sovereignty and residence of data in the EU, the Regulation empowers the European Commission to decide on the adequacy of third countries or territories receiving transmitted data. ScarletApp, cognizant of this, assigns customers in the EU or UK to an EU data center located in Frankfurt, Germany. This center effectively manages all necessary ScarletApp applications and data servers, ensuring that servers outside this designated space are not employed for data storage or service provision to EU or UK customers.

At Scarletios, we embrace and adhere to the robust framework provided by GDPR, prioritizing the privacy and security of your data. Our commitment is unwavering, and we strive to provide a transparent and trustworthy environment for our users in compliance with these regulations.