GDPR Compliance

GDPR Compliance

What is GDPR?

GDPR, or the General Data Protection Regulation, is a legal framework initiated by the European Union that sets guidelines for the collection and processing of personal data of individuals within the EU. This regulation emphasizes transparency, control, and accountability in how personal data is handled. This document explains how DreamRocket handles your personal data, our role in data protection, and your responsibilities as a user. We highly encourage you to review this and related documentation before using our services. DreamRocket is not liable for data mismanagement on the part of users or third-party services. Use the application responsibly and stay informed

Definition of Personal Data

Personal data refers to any information that can be directly or indirectly used to identify a person. This includes names, email addresses, profile pictures, geolocation data, device identifiers, IP addresses, and social media content. Personal data always belongs to the individual, regardless of where it is stored. It cannot be accessed, shared, or processed without the user’s explicit or implied permission. For example, posting a public comment gives implied permission for it to be viewed by others. However, DreamRocket is responsible for disclosing if any user data will be shared externally. Users must understand both their rights and obligations when submitting data within the application

Responsibility of Developer

The developer of DreamRocket is tasked with securing the backend where user data is stored. This includes any information you enter (e.g., name, email) and metadata collected through interactions (e.g., IP address, browser type). All data saved on our servers is protected by secure practices, and users will be informed about both session-based (temporary) and database-stored (permanent) data. You will also have the ability to delete your data permanently by removing your account. We never log user actions for resale or third-party analytics. Occasionally, the developer may require admin credentials to resolve issues, but these should be changed immediately afterward. Developers are not liable for security issues that arise due to leaked credentials or server misconfigurations. Always consider the risk of sharing sensitive data online.

Responsibility of Application Admin

The application administrator holds the highest access privileges, including database control and user data visibility. With this access comes the duty to maintain strict data security and prevent unauthorized sharing. Admins must clearly inform users of any planned data usage or third-party access during the registration or onboarding process. No one should extract data under misleading means such as surveys or disguised forms. As the highest authority on the platform, the admin is responsible for user data confidentiality and integrity.

User’s Responsibility

Users are the gatekeepers of their own data. If you choose not to submit personal data, there’s no risk of that data being exposed — but this may limit your access to services. You should carefully read the privacy policies and documentation before entering personal information. Strong, unique passwords should be used to safeguard your account. Even though your data is encrypted, poor password choices can still make your account vulnerable. If you share credentials or suspect suspicious activity, update your password immediately. Always think before you share.

Our Action on GDPR

Supported GDPR Features

Your data, your control:
When you cancel your subscription or delete your account, we provide the option to permanently erase all associated data. This deletion is irreversible. We recommend backing up any important data beforehand.

Your privacy is protected:
We encrypt most personal data stored in our database. In the event of a breach, any stolen data is in encrypted form — unreadable to outsiders. Some data (like usernames) may remain unencrypted for usability but are still stored securely.

No unwanted cookies:
We offer an option to disable cookie and session storage. Even if you allow session storage, all data is automatically wiped upon logout. We recommend not saving credentials in your browser — use secure password managers like 1Password or LastPass.

No activity tracking:
We do not log or monitor user behavior for advertising or profiling. Any logs that capture IP addresses or login times are used strictly for security and are deleted when your account is closed.

No manipulation or profiling:
We do not analyze your behavior to sell products or influence your decisions. Ethical user privacy is our priority.

Stay informed:
We notify you about major account-related actions like registration, password changes, or suspicious access via email. If anything unusual occurs, take appropriate steps such as resetting your credentials.

Policy change alerts:
You will be notified of updates to this policy or related privacy terms. Stay alert and review these updates to stay informed.

HTTPS protection:
All data exchanged with DreamRocket is encrypted via HTTPS. Even if intercepted, the data remains unreadable due to encryption.

No hidden collection:
We do not collect your data without your knowledge. Once deployed, even our team cannot access the app without administrator credentials. You are in full control of your data.

Data breach response:
We implement modern techniques such as input validation, encrypted storage, and SQL injection prevention to protect your data. However, breaches caused by weak admin passwords, unpatched server vulnerabilities, or third-party mismanagement are outside our control. For those issues, please consult your application administrator.