title image

GDPR & CalOPPA Compliance

Below is a checklist of the steps we’ve taken to be GDPR compliant. We’ve also included related tasks such as additional security measures.


CalOPPA compliancy checkpoints are listed below that.


Research and compliance documentation, including hard copies detailing steps taken for compliancy.

The right of access/right to rectification of personal data (via the Hub).

The right to erasure (also known as the ‘right to be forgotten’) policy and functionality across our services, in our billing system, webmail client, control panels and client portal, and blog comments where applicable.

Data retention policy automation so that unneeded personal data is automatically deleted from our billing system and client portal (if not requested by the individual before that point).

Two factor authentication (2FA) implemented for all staff and made available to customers for their own account security.

SSL certificate installed on Lyrical Host website and all subdomains.

Express consent proof of email marketing via double-opt in.

Customers are able to request a report of the data we hold about them.

Changes to consent for email preferences automatically logged.

Servers in the EEA.

PCI-compliant datacenter.

Personal data only stored and processed in the EEA and/or with EU-US Privacy Shield compliant companies.

Client personal data secured online in our closed and protected billing & customer management system.

Hard backup of client data stored on hard drives in fireproof wallets in a locked safe.

Web Application Firewall.

Registered with the ICO.

Updated privacy policy to be GDPR compliant.

GDPR compliant cookie policy.

GDPR compliant cookie controls.

Anonymized IP addresses in Google Analytics.

Optin to obtain consent on comments to retain data.


Users can visit our website anonymously (via a proxy and/or through our automatic anonymization of IP addresses and/or by selecting their choice of cookies on arrival).

Our Privacy Policy is linked to from the homepage, can easily be found (in the footer), and the link includes the word ‘Privacy’.

Users will be notified of any privacy policy changes on our Privacy page.

Users are able to update their personal information by email, live chat, or support ticket.

We honor “Do Not Track” signals and do not track or plant analytics or marketing cookies, or use advertising when in place.

Further information can be found in our Privacy Policy and Terms and Conditions.