Your Data Rights Under GDPR

Last updated: March 17, 2026

Resolve is committed to protecting your personal data and respecting your privacy. This page explains how we collect, process, and store your data, and how you can exercise your rights under the General Data Protection Regulation (GDPR).

1. What Data We Collect

When you use Resolve, we collect and process the following data:

• Account information: name, email address, and profile avatar (provided via your authentication provider).
• Decision data: decisions you create, stakeholder inputs you submit, comments, action items, and resolution details.
• Usage data: activity logs, notification history, and feature usage patterns.
• Billing data: subscription plan, seat count, and billing interval (payment details are processed by Stripe and never stored on our servers).
• Integration data: encrypted OAuth tokens for connected services (Slack, Jira, Teams, Notion).

2. How We Process Your Data

• Service delivery: to provide the Resolve decision platform, including AI-powered briefs and consensus analysis.
• Communication: to send decision notifications, weekly digests, and account-related emails.
• Improvement: to analyze aggregate usage patterns and improve the product (never individual data).

3. Where Your Data Is Stored

Your primary database is hosted on Supabase infrastructure in EU West 1 (Ireland). Application compute runs on Vercel in London (UK). Some sub-processors (authentication, AI processing, payment processing, email delivery, error monitoring) are based in the United States. For a full list, see our Sub-processor List. Where personal data is transferred outside the EU/EEA, transfers are protected by Standard Contractual Clauses or EU-U.S. Data Privacy Framework certifications.

4. Data Retention

We retain your data for as long as your account is active. Teams on paid plans can configure custom retention policies (1–25 years) for compliance purposes. When you delete your account, personal data is removed within 30 days, except where longer retention is required by law.

5. Your Rights

Under GDPR, you have the following rights:

Right of Access (Article 15)

You can view a summary of all data we hold about you in Settings → Data & Privacy.

Right to Data Portability (Article 20)

You can export all your data as a structured JSON file from Settings → Data & Privacy → Export My Data.

Right to Erasure (Article 17)

You can request deletion of all your data from Settings → Data & Privacy → Request Data Deletion. We will process your request within 30 days.

Right to Rectification (Article 16)

You can update your name and profile information in Settings → Profile. Email changes are managed through your authentication provider.

Right to Restrict Processing (Article 18)

Contact us at privacy@resolvemeetings.app to restrict processing of your data while we address your concerns.

6. AI Processing

Resolve uses AI (OpenAI) to generate decision briefs, analyze consensus, and suggest action items. AI processing is always:

• Human-in-the-loop: AI generates recommendations; humans make the final decision.
• Documented: all AI outputs are logged and auditable.
• Non-training: your data is never used to train AI models (per our OpenAI data processing agreement).

This human-in-the-loop architecture aligns with the EU AI Act (effective August 2026) requirements for human oversight of AI-assisted decisions.

7. Contact

For any data protection questions or to exercise your rights, contact:

• Email: privacy@resolvemeetings.app
• Data Protection Officer: Available on request for Enterprise plan customers.