At Fleksy, we take your data privacy and security very seriously. We’re prepared for the European General Data Protection Regulation (GDPR)
WHAT’S GDPR?
This is a European Union regulation, designed to improve the data security and privacy of European citizens. Find out more on Wikipedia – the short version is “companies in Europe have to make sure your data is safe, and that you can access and control it”. We think it sounds like a good idea, don’t you?
It’s about giving our users greater security, transparency, and control of your personal data online. We think this is a good thing wherever you’re from, not just if you live in the European Union!
GDPR AND FLEKSY
We didn’t need to make GDPR compliance a priority at Fleksy, because our users’ data has always been private; principles of privacy and security have always been a part of everything we do.
We’ve reviewed our contracts with vendors and partners to make sure they are also compliant, and can give us the guarantees on privacy and data protection that we need, such as the EU-US Privacy Shield framework.
GDPR FREQUENTLY ASKED QUESTIONS
- Are you compliant with the GDPR? Based on our self-assessment and that of our Data Protection Officer we are currently compliant. We regularly review what we collect and how we can most securely store our users’ data.
- What does Fleksy store? We store only anonymous necessary information.
- How do you store it? We encrypt your data both at rest and in transit, and our site and storage processes are architected for security.
- Who can access it? We have extensive internal access controls and regulations for the Fleksy team, who only has access to anonymous data, and we have all been security checked. Fleksy users are unable to set permission levels to restrict access to sensitive materials because we do not have access to such data. All that is typed stays in the user’s phone and is not sent to our servers. We follow the principles of the General Data Protection Regulation of May 2018. We have a designated Data Protection Officer, and accountability and privacy are principles that are designed into both our software and policies.
- What is your core compliance with the act?
- Have full awareness of where any of your data is being held & when outside the EU, ensuring appropriate compliance is in place
- Ensure that only those who require access to your data are able to access it & we have the highest level of protection against unauthorised access
- Ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services
- Who is the official Data Protection officer for your organisation? Our Data Protection Officer is available should you have any concerns or issues. Please contact Customer Support.
- How long do you retain user data? The only data collected is anonymous, and we retain this data for improving the keyboard and the user experience, indefinitely.
- Where is our data held? Within the EU, at AWS.
- If you were asked to remove all data on a user would you be able to do that in a timely fashion? Of course, please contact Customer Support.
- Do you have a process in place for reporting personal data breaches to the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it? Yes, we do.
- Do you have a security policy? Fleksy is a secure keyboard app, by design. Every line of code in Fleksy has been written with privacy in mind. We use the very latest framework releases, reuse tried and tested modules, and apply fundamental security considerations to every aspect of software design and development. We also frequently review and externally test our software to keep it ahead of emerging threats. We’re continuously improving our internal processes and security measures to ensure complete platform assurance, and we actively pursue certification to national and global best practice security standards. Furthermore, everyone who works at Fleksy has been security vetted. We make sure there are several layers of controls that individuals must go through to access customer data.
- What does it mean for me? If you’re a company, this means more transparency and visibility of how we process personal data. If you’re an individual, you don’t need to do anything! This all just means your data is safer than ever.