tag:help.tenderapp.com,2008-11-12:/discussions/questions/21985-gdpr-compliantTender: Discussion 2018-03-15T22:34:38Ztag:help.tenderapp.com,2008-11-12:Comment/448424702018-03-06T06:02:00Z2018-03-06T06:02:00ZGDPR compliant<div><p>You will need to provide a statement on your own site with regards to what you do with people's personal information. This could be as simple as "We store your email address and account balance to provide you with better customer service".</p>
<p>While we as a company do not do any processing on personal information of your customers[1], you may be sending additional personal info and storing it in Tender as part of the SSO request or user API, in which case you'd want to mention that, and what you're doing with it, in a kb article.</p>
<p>In terms of the new gdpr rules, you are already able to easily and permanently delete support staff and end users at their request for removal, as well as attachments or comments.</p>
<p>All the data is stored in the USA, at biometric-secured facilities and is transmitted with encryption; all reasonable security processes have been enacted. We don't offer European hosting.</p>
<p>Is there anything else you need to know?</p>
<p>[1] we do actually analyze the country of the IP address of unregistered commenters for spam verification, but we don't process this for active users or those who come via SSO, i.e. your site.</p></div>Courtenaytag:help.tenderapp.com,2008-11-12:Comment/448424702018-03-10T03:38:37Z2018-03-10T03:38:37ZGDPR compliant<div><p>See also <a href="https://help.tenderapp.com/discussions/questions/22075-gdpr-compliance">followup</a></p></div>Courtenay