PieSync and GDPR
Is PieSync GDPR compliant?
The EU General Data Protection Regulation (GDPR) privacy law became enforceable on May 25th, 2018. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site. One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely.
To define the responsibilities of software companies working with customer data, GDPR makes a distinction between data processors and controllers. PieSync is both.
PieSync acts as a controller of your data as a customer. At PieSync, we consider protecting data and security in a GDPR-compliant manner extremely valuable. Even before GDPR, we already applied a very strict policy to guarantee privacy for our customers. Under the GDPR, please refer to our updated terms and conditions, which explain how we work with your data. They now also include a data processing annex to ensure we can act as a data processor for your company.
This data processing annex is needed because, within the GDPR framework, PieSync also acts as a data processor: in any sync, the data needs to go through PieSync from one app to the other. Geographically, this data will pass through AWS/Amazon US servers, which is probably the same environment that your original data already resided on. Of course, adequate encryption measures are in place to ensure this data cannot be read.
Even though we act as a data processor here, little to none of your end customers' data is stored on PieSync's platform. We do store the unique identifiers (often e-mail addresses of the contacts) and hashes so that we can make the sync work over time. We will also store your connection details, in a secure way, so that we can access your databases at all times. Again, this is so that our sync can work and PieSync can do its thing, which helps you save time :)