General Data Protection Regulation(GDPR) compliance
GDPR(General Data Protection Regulation) aims to strengthen data privacy and data protection for
citizens and must be followed by all companies that have customers from the EU. GDPR will come into
effect in May
25th, 2018 and if you have EU customers, you will need to become compliant.
Is Kompassify GDPR compliant?
Yes. Kompassify achieved compliance with GDPR prior to May 25th, 2021.
Does it affect me?
Yes, most likely. If you hold or process the data of an any person in the EU, the GDPR will apply to
you, whether you’re
based in the EU or not.
How Kompassify prepared for GDPR
Our teams worked hard to ensure we complied with GDPR. This was a massive overhaul of processes and data models to make
sure we met our legal obligations, and did the best thing for our customers while still letting us move fast, scale and
build great products.
Personal information we hold
There are two type of entities using Kompassify products:
- Our customers (ie. the operators using the Kompassify Dashboard to create product tours to their
First and last name
- Our customers end-users (ie. the users of our customers)
We don't hold any personal informations about our customers end-users
(we only store the IDs of Kompassify finished and started product Tours)
* For all two parties we do store the IP address for fraud analysis and data security to:
Detect and block fraudulent sign ups
Ban IPs with suspicious behavior
Rate limit API requests and mitigate DDOS attacks associated to certain users
Stored data location
All Kompassify's data is held on servers hosted in Germany.
Data security and data breaches
We take data protection and security very seriously at Kompassify. We constantly monitor for security
unauthorized access and we will take action immediately if something suspicious is been detected. In an
case of a data breach, we willl notify all of our customers within 72 hours after the breach was
Some of the preventive measures we take include:
- Encrypted HTTPS communication layers for all data transfers
- Isolated data containers and data network
- Powerful firewalls to prevent and mitigate different types of attacks and data leaks
- Use of 2-Factor-Authentication on all our sensitive accounts
- Multiple encrypted backups at database and disk level, stored for one week
- Data retention for expired trial and cancelled users of 2 years and 5 years for the rest
Data subject rights
Kompassify customers rights regarding to GDPR are considered and enforced, including:
Right To Be Informed: we clearly inform our users about the use that will be made
of their data
Right To Access: our users can access all their data, without restriction, from
Right To Be Object: we handle all requests on this matter from our users and users'
end-users (contact us)
Right Of Erasure: it's as simple as contacting us, we'll
process all your erasure queries
Right To Data Portability: our users may contact us
anytime if they wish to get an export of their data
Right To Rectification: it's as simple as contacting us,
we'll process all your rectification queries
Right not to be subject to automated decision-making including profiling: we don't
do that (and never will)
Subject access requests
Kompasify replies to all access requests (positively or negatively) under 1 week (the legal limit from
GDPR is 1 month).
We offer this free of charge for our customers (paid and free).
Consent is provided by our users explicitly when proceeding an action or task (eg. when they provide
and backend REST API,
compliant. We also added cookie consent banner to our website to make sure we store cookies only after
consent is given.