Group 65Go to Filestage
All Collections
General questions
Security and encryption (EN)
How Filestage complies with GDPR

How Filestage complies with GDPR

This article covers all relevant data surrounding how Filestage protects your data and adheres to GDPR.
Anne Krieger avatar
Written by Anne Krieger
Updated over a week ago

How Filestage complies with GDPR

We at Filestage wholeheartedly support the privacy rights of our customers. Even long before the GDPR took effect, we have taken many measures to ensure that we fulfill legal obligations and maintain our transparency about how and why we process customer data.

Internal data audit

We work together with an external data protection officer who checks our internal processes for data protection compliance. We review all the data we collect and the reasons for why we collect it. We also review which of our employees have access to which data.

Sub-processor audit

We only work with vendors and sub-processors who meet our high data protection requirements as well as the legal requirements. We review our vendors and sub-processors to ensure they are adhering to GDPR. We sign the relevant data processing agreement (DPA) with regards to that.

Transparent documentation

It is important for us to explain transparently how and for what purpose customer data is used at Filestage. We document our processes and update our data privacy agreement and data processing agreement accordingly. 

Ongoing improvements

With an external data protection officer, we ensure that we continuously improve our processes and also comply with future changes in the legal framework conditions.

Our Sub-Processors

An audited minimum relevant set of data is shared with the following sub-processors:

  • AWS: Data hosting (servers are located in Germany).
  • Stripe: Payment processing. (USA)
  • Intercom: Customer support and customer management. (USA)
  • FullStory: Customer support and user research. (USA)
  • Asana: Project management and customer support. (USA)
  • Slack: Customer support. (USA)
  • Zapier: Workflow automation. (USA)
  • MongoDB Atlas: Data hosting. (USA)
  • Sentry: Technical logging. (USA)
  • Loggly: Technical logging. (USA)
  • Quaderno: Invoicing. (Spain)
  • Billomat: Invoicing. (Germany)
  • Pipedrive: Customer and lead management. (Estonia)
  • SatisMeter: Customer support. (Czech Republic)

Getting a signed DPA for your organization

At this time, we only offer to sign or fill out custom DPAs for our users on the Enterprise plans. Otherwise, we will kindly ask you to refer to the DPA which I have provided. 

If having a signed DPA is a necessity, you can contact us and we will be happy to discuss an Enterprise account that includes the DPA.


Please let us know if you have any questions about Filestage's privacy policy. We're always happy to help!

Did this answer your question?