EU Data Protection

Updated January 10, 2023

Stacksync prioritizes customer trust. We know that the safekeeping of customer data is critically important to our customers’ values and operations. That is why we keep it private and safe.

Stacksync helps customers maintain control of privacy and data security in multiple ways:

  • Data Security: Stacksync complies with high security standards, such as encryption of data in transit and at rest, a focus on the latest regulations, and a support team that is on-call when you need it.

  • Disclosure of Customer Data: Stacksync only discloses customer data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.

  • Trust: Stacksync has developed security protections and control processes to help our customers ensure a secure environment for their information. Stacksync adheres to high industry standards.

  • Access Management: Stacksync provides an advanced set of access and encryption features to help customers effectively protect their information. We do not access or use customers' data for any purpose other than providing, maintaining and improving the Stacksync services and as otherwise required by law.

What is Customer Data?

Customer Data is any information, including personal data, which is replicated via the Stacksync services, by, or on behalf of, our customers and their end-users.

Who owns and controls the Customer Data?

From a privacy perspective, the customer is the controller of Customer Data, and Stacksync is a processor. This means that throughout the time that a customer subscribes to services with Stacksync, the customer retains ownership of and control over Customer Data in its account.

Who are Stacksync’s sub-processors?

Stacksync maintains an up-to-date list of the names and locations of all sub-processors (including members of the Stacksync subsidiaries and third parties) used for hosting or other processing of Customer Data, which can be found in our Stacksync Subprocessors documentation. The list may also be obtained by contacting security@stacksync.com.

How does Stacksync process Customer Data?

Stacksync replicates data from Customer databases and cloud sources, processes it, and loads it into the Customer’s destination. This can also be done in a bidirectional manner, from and to connected applications (“apps”), also named “Services” or “External Platforms”.

To learn more about our data handling and retention periods, see our technical documentation.

What steps does Stacksync take to secure Service Data?

Stacksync prioritizes data security and combines enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected.

Where will Customer Data be stored?

Stacksync runs data connectors on servers in various locations, such as the United States (US), Canada, European Union (EU), United Kingdom (UK), Australia, and Singapore (non-exhaustive list). When customers connect an app, they select the region to be used for the processing and storage of the encrypted data. If customers configure their connectors to use our EU servers, their data will not leave the EU during processing, including for connectors that sync webhooks and event data. See our Stacksync Data Residency documentation for details. Customer Data is cached on Stacksync servers while operations are running, and is purged from Stacksync's system as soon as it is deleted in the connected app. See our Data Retention documentation for details.

How does Stacksync respond to information requests?

Stacksync recognizes that privacy and data security issues are top priorities for customers. Stacksync does not disclose Customer Data except as necessary to provide its services to its customers and comply with the law as detailed in our Privacy Policy.

GDPR (General Data Protection Regulation)

Stacksync has a strong commitment to privacy, security, compliance and transparency. This includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”).

If a Stacksync customer collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to comply with specific technical and organizational requirements. Stacksync does not persistently store Customer Data, but we nevertheless assist customers to meet their obligations to:

  • Respond to requests from data subjects to correct, amend or delete personal data;

  • Report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR time frames;

  • Demonstrate compliance with the GDPR as pertaining to Stacksync’s services.

How does the GDPR apply to customers?

Stacksync customers that collect and store personal data are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including the GDPR.

What implications does GDPR have for organizations processing the personal data of EU citizens?

One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.

How has Stacksync been preparing for the GDPR?

Stacksync’s Services are designed with privacy and security at their core. They are therefore GDPR-native in a sense. Additionally, our privacy team is continuing its review of Stacksync’s current product features and practices (including adding features such as column exclusion and column hashing) to ensure we support our customers with their GDPR compliance requirements.

Which Stacksync services and features can support customers' compliance with the GDPR?

All Stacksync services are GDPR compliant, so customers can use any available Stacksync service and remain GDPR compliant.


Questions?

We're always happy to help with any other questions you might have! Send us an email at privacy@stacksync.com.
