KALO IQ is GDPR compliant

What GDPR compliance means at KALO IQ

The GDPR is the EU data-protection law that sets how personal data must be collected, stored and used. Compliance means KALO IQ handles data under those rules, with a lawful basis for processing and a clear route for people to access or delete their data.

Why it matters even for a US-focused platform

KALO IQ verifies US creators. The people using the platform and some data flows can still touch EU residents. Handling data to the GDPR standard means your team uses KALO IQ without inheriting a compliance gap.

What is covered

Lawful processing, data-subject rights including access and erasure, plus a privacy policy that states plainly what is collected and why. The detail lives in the privacy policy.

What it does not mean

GDPR compliance is a data-handling standard, not a badge any single body issues. It does not certify anything beyond how data is processed. It is not legal advice for your own GDPR obligations.

In one line

Personal data handled to the EU standard, with real access and deletion rights.

The data rights you have under GDPR

The GDPR gives people specific rights over their personal data. A compliant platform has to honour all of them rather than pick and choose. The right of access lets you ask what data is held about you. The right to erasure lets you ask for it to be deleted. The right to rectification lets you correct data that is wrong. The right to restrict or object lets you limit how your data is used. KALO IQ supports each of these through the privacy policy, with a defined route to make a request rather than a vague promise to act in good faith.

How a creator or user exercises those rights

A request starts with the contact route in the privacy policy. Once identity is confirmed, an access request returns the personal data held. An erasure request removes it within the timeframe the GDPR sets. The identity check matters, since handing someone else's data to the wrong person would itself be a breach. For most people the practical version is simple. You ask, your identity is verified, then the data is shown or deleted.

Why this sits alongside US creator verification

KALO IQ verifies US creators. But the people running campaigns, signing in and exchanging messages can be anywhere, including the EU. Handling all personal data to the GDPR standard means a brand in Berlin or a creator in Dublin using the platform is covered the same way a US team is. It is the higher bar, applied across the board, so nobody using KALO IQ inherits a compliance gap from the way the data is handled.