Legal

GDPR Compliance

This page summarizes the GDPR-oriented controls Pacthaven should support as a B2B service procurement platform.

Last updated: 17 May 2026

This is a first-launch public information draft. It gives the product a responsible legal surface, but it should be reviewed by qualified counsel before production use.

Controller and processor roles

The platform operator will often act as controller for account, security, moderation, and marketplace operation data. Buyer and provider content may require clearer controller/processor analysis before launch.

Lawful bases

Expected lawful bases may include contract performance, legitimate interests, legal obligations, and consent where optional processing is introduced. Each processing activity should be mapped before production.

Data subject rights

Operational processes should support access, correction, deletion, restriction, objection, portability, and complaint handling where applicable.

Security measures

Server-side authorization, protected file downloads, least-privilege admin access, audit logging, and careful notification content are core privacy and security controls.

International transfers and vendors

Hosting, email, analytics, and storage vendors should be documented with transfer safeguards, subprocessors, and data processing agreements before production use.