Is Flusk GDPR compliant?
Updated over 9 months ago

At Flusk, we recognize that the General Data Protection Regulation (GDPR) is a crucial concern, particularly when it comes to safeguarding your customer data. This article provides detailed information about our policies and practices that ensure GDPR compliance.

TL;DR: The Flusk tools are compliant with the European GDPR.

If you'd like to gain insight into how we handle the processing of your app's data and address privacy concerns, we suggest you read our comprehensive article on the topic. The link to this article can be found here: How does Flusk Vault process your application data and protect your privacy?

GDPR Compliance: How Flusk Achieves It

It is essential to note that the information in this article is based on our most recent GDPR audit, titled "Compliance Consultation on Personal Data Processing," conducted by the French law firm "Cabinet d’Avocats Benhammou" on March 6th, 2023.

We are proud to say that our company has successfully passed an audit to prove our compliance with the General Data Protection Regulation (GDPR). This regulation is essential in ensuring the protection of personal data, and we take it very seriously.

Our success in becoming GDPR compliant is due to the implementation of the following measures:

Data Processing Register

We have established a data processing register that documents all the processes for collecting and processing data. This register allows us to monitor and ensure that all data collection and processing is compliant with GDPR requirements. We carefully scrutinize each process to verify that it has a legal basis, that the data retention period is respected, and that other relevant criteria are met.

Hosting Location

It is essential to note that we host sensitive data about our clients' app structure in Frankfurt, Germany, to fully comply with GDPR regulations. The GDPR requires that personal data should only be transferred to countries outside the EU or EEA if those countries have an adequate level of protection in place. Since Germany is an EU member state, it is considered to have adequate data protection laws in place. Therefore, we ensure that our clients' data is stored in a location that fully complies with GDPR regulations.

Server Standards

Flusk's servers and databases adhere to the following compliance frameworks and standards to guarantee the safety of your data:

  • SOC 2 Type II

  • ISO 27001:2013

  • ISO 9001:2015

  • ISO/IEC 27701 (new)

  • PCI Compliance (ASV Network Scan)

  • Regular Penetration Testing by Clone Systems

Identification of Data Sub-processors and Recipients

We identify and document all sub-processors and recipients of personal data. This allows us to ensure that their activities comply with GDPR requirements and that they have adequate measures in place to protect personal data.

You can find the signed versions of the different Data Processing Agreement Addendums here:

High-Level Security Systems

We have implemented high-level security systems to ensure the effective protection of personal data collected and processed.

These systems are designed to prevent unauthorized access, data breaches, and other threats to personal data.

We are committed to maintaining our compliance, and we continuously review our data processing practices to ensure that they remain compliant with the regulation.

Data Collection, Processing and Consent

Another critical aspect of GDPR compliance is ensuring that users' data is collected, processed, and stored in a transparent manner. Therefore, we have implemented measures to ensure that users' data is collected transparently. For instance, we do not use tracking and advertisement cookies until the user has agreed to the cookie banner. This ensures that we obtain explicit consent from users before collecting any data, as required by the GDPR.


Communications Consent

We also ensure that our customers are in control of their data by asking for their approval before sending any marketing communications, such as emails or newsletters. This measure ensures that users have complete control over their data and only receive communications they have explicitly agreed to receive.

Conclusion

In conclusion, our company achieves GDPR compliance through rigorous measures such as maintaining a data processing register, identifying sub-processors and recipients, and implementing high-level security systems. We will continue to take GDPR compliance seriously and maintain the highest standards of data protection for our clients.
