GDPR Privacy Notice

This Notice is intended for individuals located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”) and serves as a supplement to our general Privacy Policy. Our processing of personal data for individuals in the EEA is governed by the European Union's General Data Protection Regulation (“GDPR”). For individuals in the UK, our processing of personal data is subject to the Data Protection Act 2018, which incorporates the GDPR as the UK GDPR. Throughout this Notice, references to the 'GDPR' include both the EU GDPR and the UK GDPR.

Yes, Thunder Client is based in Ireland (EU) and fully adheres to the GDPR framework. Here are the measures we have put in place to ensure compliance:

• Our comprehensive privacy policy outlines the types of data we collect, how we retain and transfer it, and your rights regarding data protection.
• To exercise your data protection rights, please contact us. We will comply with your request to the extent required by applicable law
• We provide a Data Processing Addendum (DPA) for your convenience and transparency.
• Our GDPR compliance practices are reviewed by independent consultant Atoro to ensure adherence.

For information collected via our website, we operate as the Controller of your personal data. For data processed through our API testing extension, we do not collect or store any personal data, as all information is saved locally on your device. In instances where we act as a Processor, we handle customer data according to their instructions and agreed-upon terms. If you have any questions about our privacy or data protection practices, please contact us at info@thunderclient.com.

Children under the age of 13: Our Website and services are not intended for children under 13 years of age, and no one under age 13 may provide any personal information to us or through the Website or our services. We do not knowingly collect personal information from children under age 13. If you are under 13, do not use or provide any information on our Website or on or through our services. If we learn that we have collected personal information from a child under age 13, we will delete it. Additionally, If we discover or have reason to believe that you are under the age of 13, we will terminate your account. If you believe we might have any personal information from or about a child under age 13, please contact us at info@thunderclient.com.
Personal and Sensitive Personal Information: Thunder Client is committed to protecting your privacy and does not store customer data, with the exception of login information necessary for account access. We do not intentionally collect any personal data or sensitive personal data from our users during your use of the application. Your API requests and interactions remain private and are not stored on our servers. For more details on the information we collect from you, how we collect it, and how we share it, please refer to our privacy policy.

Thunder Client uses Microsoft Azure for website and database hosting. Our server infrastructure is located in the EU, and Microsoft Azure adheres to the EU-U.S. Privacy Shield framework. Microsoft is committed to handling all data traffic in compliance with EU data protection legislation.

Under the law, you are granted six fundamental rights regarding the processing of your personal data. We commit to responding to your requests for exercising your data subject rights without undue delay and within a maximum of 30 days. If your request is particularly complex, we may extend our response time to a maximum of three months. In rare cases, for official or legal reasons, we may be unable to fulfill specific requests related to your rights. In such cases, we will inform you of our reasons for considering your request to be manifestly unfounded or excessive. As a data subject, you have the right to:

• The Right to Confirmation: You have the right to request confirmation of whether we process personal data related to you and, if so, to request a copy of that personal data.
• The Right to Rectification: You have the right to request that we rectify or update any personal data that is inaccurate, incomplete, or outdated.
• The Right to Erasure: You have the right to request that we erase your personal data under certain circumstances, unless otherwise stipulated by applicable laws.
• The Right to Restriction of Processing: You have the right to request that we restrict the use of your personal data in certain circumstances, such as while we are analyzing another request you have submitted (including a request for updates to your personal data).
• The Right to Data Portability: You have the right to request that we export your personal data to another company, where technically feasible.
• The Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. In some instances, you may also have the right to object to the processing of your personal data.

To exercise your data protection rights, please contact us. We will comply with your request to the extent required by applicable law. Please note that we will not be able to respond to your request if we no longer hold your personal data. If you believe you have not received a satisfactory response from us, you may have the right to file a complaint with the competent supervisory authority in your country.