Updated on 5.21.2018
GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Our policy is to respect all laws that apply to our business and this includes GDPR. We also appreciate that our customers have requirements under GDPR. We are committed to helping our customers stay in compliance with GDPR.
Yes. We process personal data only to provide our products and services. We do not collect or process personal data for any purpose other than providing requested services to our customers.
As a processor of personal data for many of our customers, we will assist our customers with responding to individual rights requests that they receive under the GDPR.
We provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions. Today, we store data in data centers located in various/redundant areas across the US. All data is sent encrypted, and all personal data is encrypted at rest. Our data center providers (Rackspace and Amazon Web Services) are fully compliant and hold the required compliance and security certifications (ISO/IEC 27001, ISO 14001, ISO 18001, ISO 9001, SOC 1 (SSAE 18), SOC 2, SOC 3, PCI DSS Level 1, FedRAMP JAB P-ATO, NIST 800-53, FISMA, NIST 800-171 (“DFARS”), CJIS, ITAR, FIPS 140-2, HITRUST, HIPAA, HITECH, Privacy Act, Swiss-US Safe Harbor, Content Delivery & Security Association (CDSA), Tech UK Member).
We have implemented organizational and technical safeguards to secure our users’ data, in compliance with GDPR requirements. Our users’ personal data is pseudonymized when stored, and further encrypted if it is being transferred.
COMPAS uses a few sub-processors for handling/processing customer data. These include: Rackspace (Data Hosting), AWS Amazon (Data Hosting), Sendgrid (Email provider), Twilio (SMS/Texting).
COMPAS complies with the framework outlined in the EU-US Privacy Shield as designed by the U.S. Department of Commerce and the European Commission. COMPAS is in the process of actively pursuing certification.