This GDPR Positioning Statement explains IECC's assessment of how the EU General Data Protection Regulation (Regulation 2016/679) applies to The Ivory Index and associated services. This document is informational and does not constitute legal advice.
Accurate Assessment. IECC does not claim that GDPR obligations "do not apply." Rather, certain GDPR obligations are materially reduced in scope by the local-first architecture of the Software, and IECC implements appropriate measures for the processing that does occur via web-based services.
Article II — Software Architecture & GDPR
2.1 No Server-Side Processing
The Ivory Index desktop Software processes all User profile data locally on the User's device. Data does not traverse IECC's servers. Accordingly:
GDPR obligations concerning cross-border data transfers (Chapter V) are not triggered by Software use
GDPR Article 30 (Records of Processing) obligations are reduced with respect to Software-resident data
GDPR data breach notification obligations (Articles 33–34) are not triggered by local device incidents outside IECC's control
2.2 AI Processing Localisation
AI inference is performed by Ollama running locally at localhost:11434. No User content is transmitted to remote AI services by the Software's default configuration. Users who configure third-party API integrations do so at their own election and under those third parties' terms.
Article III — Website Processing
IECC's website and marketing services may involve processing of EU/EEA individuals' personal data (e.g., IP addresses via Google Fonts, support email correspondence). For such processing, IECC:
Relies on legitimate interests or consent as applicable legal bases
Implements appropriate technical and organisational measures
Does not engage in automated profiling with legal or similarly significant effects
Article IV — Data Subject Rights
For website-processed data, EU/EEA individuals may exercise rights under Articles 15–22 GDPR by contacting legal@imperialecc.com. IECC will respond within the statutory timeframes to the extent applicable law requires. For Software data residing on-device, the User exercises control directly.
Article V — DPO Status
IECC has not formally designated a Data Protection Officer at this stage of operations. A Privacy Contact has been designated to handle data enquiries. IECC will appoint a formal DPO if and when its processing operations reach the threshold triggering mandatory DPO designation under Article 37 GDPR.
Article VI — Supervisory Authority
Where GDPR applies, EU/EEA individuals retain the right to lodge a complaint with the supervisory authority in their Member State of residence. IECC is registered in the Cayman Islands and is not subject to EU supervisory authority jurisdiction except where GDPR's extraterritorial provisions apply.
Drafted with the assistance of
Voidlex
Imperial Legal Intelligence · IECC Suite · v2.6
This document was prepared with the assistance of Voidlex, a legal document
drafting tool developed by Imperial Eminence Cyberguard Corporation (IECC).
Voidlex is a drafting aid only. It does not constitute legal advice, does not
practice law, and does not guarantee the legal enforceability of this document in any
jurisdiction. Users are strongly encouraged to seek independent legal counsel before
relying on this document for commercial, regulatory, or enforcement purposes.
Governing Law — All DisputesCayman Islands · Grand Court of the Cayman Islands
