How Filestage complies with GDPR
We at Filestage wholeheartedly support the privacy rights of our customers. Even long before the GDPR took effect, we have taken many measures to ensure that we fulfill legal obligations and maintain our transparency about how and why we process customer data.
Internal data audit
We work together with an external data protection officer who checks our internal processes for data protection compliance. We review all the data we collect and the reasons for why we collect it. We also review which of our employees have access to which data.
We only work with vendors and sub-processors who meet our high data protection requirements as well as the legal requirements. We review our vendors and sub-processors to ensure they are adhering to GDPR. We sign the relevant data processing agreement (DPA) with regards to that.
It is important for us to explain transparently how and for what purpose customer data is used at Filestage. We document our processes and update our data privacy agreement and data processing agreement accordingly.
With an external data protection officer, we ensure that we continuously improve our processes and also comply with future changes in the legal framework conditions.
An audited minimum relevant set of data is shared with the following sub-processors:
- AWS: Data hosting (servers are located in Germany).
- Stripe: Payment processing. (USA)
- Intercom: Customer support and customer management. (USA)
- FullStory: Customer support and user research. (USA)
- Asana: Project management and customer support. (USA)
- Slack: Customer support. (USA)
- Zapier: Workflow automation. (USA)
- MongoDB Atlas: Data hosting. (USA)
- Sentry: Technical logging. (USA)
- Loggly: Technical logging. (USA)
- Quaderno: Invoicing. (Spain)
- Billomat: Invoicing. (Germany)
- Pipedrive: Customer and lead management. (Estonia)
- SatisMeter: Customer support. (Czech Republic)
Getting a signed DPA for your organization
At this time, we only offer to sign or fill out custom DPAs for our users on the Enterprise plans. Otherwise, we will kindly ask you to refer to the DPA which I have provided.
If having a signed DPA is a necessity, you can contact us and we will be happy to discuss an Enterprise account that includes the DPA.