Caugia operates in the European Union and processes personal data under the GDPR. This page summarises our posture; the full Data Processing Agreement (DPA) is available on request at contact@caugia.com.
Controller and DPO
The data controller for workspaces on os.caugia.com is Caugia, represented by the founder-CEO. We have not yet appointed an external Data Protection Officer; the founder is the named privacy contact until a dedicated hire lands. Contact: privacy@caugia.com, cc contact@caugia.com.
Categories of personal data processed
We process the minimum data required to operate the product:
- Account data: email address, display name, locale preference, authentication identifiers.
- Workspace content: company name, go-to-market metrics, diagnostic answers, action and gate state.
- Connector data: revenue, retention, pipeline, and marketing data ingested from the integrations you authorise.
- Usage data: Sophie turn counts, page views, feature toggles, anonymised telemetry.
Lawful bases
We rely on the following lawful bases for processing:
- Contract (Article 6(1)(b)): to provide the service you have subscribed to.
- Legitimate interest (Article 6(1)(f)): for product telemetry, fraud prevention, and security monitoring.
- Consent (Article 6(1)(a)): for optional marketing communications and AI-driven suggestions that you have explicitly enabled.
Your rights as a data subject
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate personal data.
- Erase personal data (right to be forgotten) where lawful.
- Restrict processing in defined circumstances.
- Object to processing based on legitimate interest.
- Data portability in a structured, machine-readable format.
- Lodge a complaint with a supervisory authority.
How to exercise your rights
Email privacy@caugia.com with a description of your request. We acknowledge within 7 days and respond substantively within 30 days, consistent with GDPR timelines.
Last updated 2026-04-24.
← Back to trust hub