At Gorilla, we are committed to meeting the requirements of the General Data Protection Regulation (GDPR) and to handling customer data with a high standard of care, transparency, and security. As a Cyprus-based company operating within the European Union, we build data protection into how our platform is designed, built, and operated.

This page provides an overview of our GDPR-relevant practices and documents for customers, legal teams, and regulators.

Key Documents & Legal Frameworks

• Data Processing Agreement (DPA)

  Outlines our GDPR-aligned data processing obligations, including our use of subprocessors. Data Processing Agreement (DPA)

• Transfer Impact Assessment (TIA) Information

  Explains how Gorilla addresses international data transfers, including legal bases and risk mitigations. Transfer Impact Assessment Overview

• List of Subprocessors

  Provides transparency into our third-party providers and where they operate. Subprocessor List

• Security Whitepaper

  Describes our technical and organizational security controls under Article 32 GDPR. Security Whitepaper

Data Subject Rights & Requests

Gorilla supports data subject rights as defined under Articles 12–23 of the GDPR, including:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to data portability (Art. 20)
• Right to object or restrict processing (Art. 18–21)

Requests can be submitted by contacting us at legal@gorilla.security. We will respond in accordance with GDPR timelines and legal requirements.

Data Portability & Deletion

• Export: Customers may request data exports by emailing legal@gorilla.security.