Last Updated: February 27, 2026

GDPR Privacy Notice

This GDPR Privacy Notice (“GDPR Notice”) supplements the ServiceLlama Privacy Policy and applies to individuals located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland. It explains how Service Llama LLC (“ServiceLlama,” “we,” “us,” or “our”) processes your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”).

Data Controller

Service Llama LLC is the data controller for the personal data we collect directly from you when you use our Websites, App, and Service. Where we process personal data on behalf of our Account Owners (for example, End User data), we act as a data processor and the Account Owner is the data controller.

Service Llama LLC
247 West 35th Street, Suite 9R
New York, NY 10001
United States
privacy@servicellama.com

EU Representative

ServiceLlama is based in the United States and does not currently maintain an establishment in the European Economic Area. At this time, we do not actively target or monitor individuals in the EEA as part of our Service, and accordingly have not yet designated a representative in the EU under Article 27 of the GDPR.

Should our processing activities change such that the appointment of an EU representative is required, we will update this notice promptly with their contact details. In the meantime, individuals in the EEA may contact us directly with any data protection inquiries at privacy@servicellama.com.

Legal Bases for Processing

We process your personal data only where we have a valid legal basis under the GDPR. The table below describes the legal bases we rely on for each processing purpose:

Processing PurposeLegal Basis
Providing and operating the Service, processing transactions, account administrationPerformance of a contract (Art. 6(1)(b)) — necessary to fulfill our obligations under our Terms of Service
Sending transactional communications (e.g., invoices, security alerts, service updates)Performance of a contract (Art. 6(1)(b))
Fraud detection and prevention, security monitoringLegitimate interests (Art. 6(1)(f)) — protecting the security and integrity of the Service and our users
Improving and analyzing the Service, analytics, and usage trendsLegitimate interests (Art. 6(1)(f)) — improving and developing our Service
Marketing communications (e.g., newsletters, product updates)Consent (Art. 6(1)(a)) — you may withdraw consent at any time
Cookies and tracking technologies (non-essential)Consent (Art. 6(1)(a)) — managed through our cookie consent banner
Compliance with legal obligations (e.g., tax, regulatory requirements)Legal obligation (Art. 6(1)(c))
AI Tools — facilitating use and improving outputsLegitimate interests (Art. 6(1)(f)) — providing and improving the Service

Categories of Personal Data

We process the following categories of personal data as described in our Privacy Policy:

  • Identity data (name, username, job title)
  • Contact data (email address, phone number, mailing address)
  • Financial data (payment method details, billing information)
  • Technical data (IP address, browser type, device information, cookies)
  • Usage data (how you interact with our Service, features used, pages visited)
  • Location data (approximate and, if enabled, precise geolocation)
  • Content data (photos, notes, and other materials uploaded to the Service)
  • Communications data (records of correspondence with us or facilitated through the Service)

International Data Transfers

ServiceLlama is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

To ensure adequate protection for your personal data when transferred outside the EEA/UK, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) — approved by the European Commission, incorporated into our agreements with sub-processors and data partners;
  • UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs — as applicable for transfers from the UK; and
  • Additional technical and organizational security measures to protect your data in transit and at rest.

For a list of our sub-processors and the countries in which they operate, please see our Sub-Processors page.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes through other means.

When personal data is no longer required, we will securely delete or anonymize it. For further information, see the “Retention” section of our Privacy Policy.

Your Rights Under the GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights in relation to your personal data:

RightDescription
AccessRequest a copy of the personal data we hold about you.
RectificationRequest that we correct any inaccurate or incomplete personal data.
ErasureRequest that we delete your personal data, subject to certain exceptions (e.g., legal obligations).
Restriction of ProcessingRequest that we restrict the processing of your personal data in certain circumstances.
Data PortabilityRequest to receive your personal data in a structured, commonly used, machine-readable format.
ObjectionObject to processing based on legitimate interests, including profiling, and to direct marketing.
Withdraw ConsentWhere processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Lodge a ComplaintYou have the right to lodge a complaint with your local data protection supervisory authority.

How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

Email: privacy@servicellama.com
Mail: Service Llama LLC, 247 West 35th Street, Suite 9R, New York, NY 10001, Attn: Privacy Officer

We will respond to your request within one (1) month. In certain circumstances, we may extend this period by up to two (2) additional months, in which case we will notify you of the extension and the reasons for it.

If your personal data is processed by us on behalf of an Account Owner (i.e., we are acting as a data processor), we will direct your request to the relevant Account Owner and assist them in responding.

Automated Decision-Making

ServiceLlama does not currently engage in solely automated decision-making (including profiling) that produces legal or similarly significant effects on individuals. If this changes, we will update this notice and provide information about the logic involved and the significance of such processing.

Cookies

For information on the cookies we use and how to manage your preferences, please see the “Cookies & Other Automatic Data Collection and Tracking Methods” section of our Privacy Policy. When you visit our Websites from the EEA, UK, or Switzerland, we will present a cookie consent banner allowing you to accept or reject non-essential cookies before they are set.

Changes to This Notice

We may update this GDPR Notice from time to time. If we make material changes, we will notify you by email or through the Service. The “Last Updated” date at the top of this notice indicates when it was last revised.

Contact Us

If you have any questions about this GDPR Notice or our data processing practices, please contact us at:

Email: privacy@servicellama.com
Mail: Service Llama LLC, 247 West 35th Street, Suite 9R, New York, NY 10001, Attn: Privacy Officer