Data storage location

Comments

11 comments

  • Official comment
    Avatar
    Sara Kaplow, Community Manager
    Update on this one:
    Our team reached out to our security auditor, as this has been a frequent question related to GDPR, and I wanted to make sure we had a full explanation. Here's what they've told us: 
     
    GDPR does not require you to house all data collected on EU data subjects in the EU. GDPR allows you to operate as a data controller outside the EU if you are GDPR compliant and if you provide sufficient guarantees to the data controller that you are GDPR compliant. 
     
    We believe we have met those standards, and as such, continue to store our data on Amazon Web Services (which is also GDPR compliant). 
     
     
    So, this remains a feature request, but is not considered a requirement of GDPR. 
    Comment actions Permalink
  • Wanted to make sure that the information made it here, too - we're working on becoming GDPR compliant. I'll update this post if/when we get more information. 

    0
    Comment actions Permalink
  • Avatar
    Pierre Remy

    Same question here for the same reasons, or if you have a "on premise" version...

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    Any news on this?

    0
    Comment actions Permalink
  • Avatar
    Sara Kaplow, Community Manager

    Hi Jonas,

    I should have news for you on this (and all GDPR-related inquiries) quite soon - I'll update here as soon as I can. Thanks for your patience!

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    Still no news?

    0
    Comment actions Permalink
  • Avatar
    KENNETH BRYAN PIAMONTE

    Hey Lans,

    I found something on their articles section, hope this might help ya:

    https://help.gocanvas.com/hc/en-us/articles/360010186193-Is-GoCanvas-GDPR-compliant-

    0
    Comment actions Permalink
  • Avatar
    Keith McQuait

    The very first post asked about data storage locations. We just went through something like this with our legal department. Troy knows what happened. I would talk to him.

    We had another company who we were using (unrelated to GoCanvas) who was US based and moved everything (including our data) to servers in Asia without telling us.

    Our legal department has been very sensitive about this issue ever since.

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    As it's not stated in your Privacy Policy what partners you are using (and disclosing information to) and where they store and process your/our information, we as customers are not enough ensured that all of them comply with GDPR - and that the data is not transferred to third parties in unknown countries by you or them. 

    The main purpose of GDPR is to protect information so that it's not abused. Your Privacy Policy do not ensure this in it current form.

    0
    Comment actions Permalink
  • Avatar
    Sara Kaplow, Community Manager

    Our data is stored in AWS East, which is GDPR compliant. 

    0
    Comment actions Permalink
  • Hi again Canvas,

    You do not intend to become a part of the "Privacy Shield" program - to even further assure your international customers that you take data protection seriously?

    https://www.privacyshield.gov/Program-Overview

    1
    Comment actions Permalink

Please sign in to leave a comment.