Skip to main content
Last updated: 22.09.2025 At Molin AI, we work hard to comply with the EU General Data Protection Regulation (GDPR) to ensure that we fulfill our obligations and maintain transparency about customer messaging and how we use data.

What’s GDPR?

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018.
It replaced existing EU law to strengthen the protection of personal data and the rights of individuals.
GDPR is a single set of rules that governs the processing and monitoring of EU data.

Does it affect me?

Yes, most likely.
If you hold or process the data of any person in the EU, the GDPR applies to you — whether you’re based in the EU or not.

How Molin AI complies with GDPR

  • Molin AI helps you meet your data portability requirements: you can export all data linked to an individual and permanently delete all user-linked data.
  • We automatically expire data on visitors who have not been seen in 9 months, to comply with GDPR retention rules.

GDPR — US Surveillance Protection

Molin AI carefully considers all third-party requests for data, including from law enforcement or national security agencies. As policy, we do not share information that does not belong to the requesting party.
We respond only to legally binding requests (e.g. court order, subpoena, warrant, or other valid legal demand). Where allowed by law, we notify customers of such requests and work with them if they wish to challenge or limit disclosure.

Our Data Processing Addendum (DPA)

The DPA, incorporating the new SCCs issued by the European Commission on June 4, 2021, is included in the Terms of Service that govern Molin AI services — no separate signature required. Our DPA sets out strong data protection commitments and the terms for Molin AI and our customers to meet GDPR obligations.
It is available for customers to review or sign upon request.
Please note: We cannot accept alterations to our DPA.
If you have specific questions, please contact us.

Certified for International Data Transfers

To meet GDPR’s requirements for cross-border data transfers, Molin AI participates in:
  • EU-U.S. Data Privacy Framework (DPF)
  • UK Extension to the EU-U.S. DPF
  • Swiss-U.S. Data Privacy Framework
as set forth by the U.S. Department of Commerce.
For more details, see our Privacy Policy.

Our Data Protection Officer

We have a dedicated Data Protection Officer (DPO) who oversees and advises on data management practices.
You can reach them at legal@molin.ai.

Coordination with Our Vendors

Where applicable, we require third-party vendors to enter into data processing agreements to ensure customer data remains protected under GDPR and consistent with our obligations.

Encryption

All data sent to or from Molin AI is encrypted in transit using 256-bit encryption.
We also encrypt data at rest. We continuously monitor new regulatory guidance and may update our data practices to maintain compliance.
I