Security and privacy have always been a key priority for Chartio. We are on a mission to help companies unlock the potential of their data - and that requires trust. Trust that your data is safe and secure while using Chartio. Trust that your data remains private and under your control while using Chartio. Providing a transparent look at our security and privacy roadmap over the next few months is an important step in order to maintain that trust in light of upcoming regulations and the overall cybersecurity landscape.
On May 25th, 2018, the EU GDPR (General Data Protection Regulation) will go into effect. This regulation enhances the data privacy protections for European Union citizens and is a mandatory requirement for any company with access to personal data of EU citizens. Chartio is both a controller and a processor in the context of GDPR, with many customers in the EU - meaning we are actively working on GDPR preparations.
Chartio is committed to being fully GDPR compliant before May 25th, 2018. We are already in the process of ensuring our product meets all GDPR requirements and that our legal documents are updated to reflect these new requirements.
Data Processing Agreements
The biggest implication for our customers that fall under the GDPR is ensuring all processors and sub-processors of personal data are also compliant. Chartio is a processor for some of these customers in the sense that we transform data into various visualizations. For these customers, we are creating a new GDPR compliant Data Processing Agreement. This agreement will be available upon request for customers requiring it before the May 25th deadline.
Chartio already has strict internal security policies and is built on top of the rock-solid foundation of Amazon Web Services. However, we felt it necessary to provide more visibility into our security practices moving forward. That's why we are also undergoing a SOC2 Type II audit in parallel with our GDPR preparations. SOC2 provides third-party attestation that Chartio's security policies meet the trust principles required as part of the audit.
Commitment to Privacy
We are committed to maintaining the privacy of our customers' data. We certify to Privacy Shield, are implementing GDPR compliance, and are testing our controls under SOC2. If you want to know more about our policies and plans, don't hesitate to email us at firstname.lastname@example.org.