Productive is GDPR compliant

The European Union (EU) General Data Protection Regulation (GDPR), enforced from May 2018, is one the biggest changes to data privacy regulation for businesses with customers from European Union.

We put security, privacy and data protection at the core of our product. We are fully certified as GDPR compliant, and constantly strive to go above the minimum regulatory standards.

Working with external legal counsel we’ve updated our Terms of service and Privacy terms to be in compliance with GDPR and other generally acceptable privacy law.

How does GDPR relate to Productive?

The GDPR regulates the processing of personal data about individuals in the EU including its collection, storage, transfer or use. Under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

Productive’s GDPR commitment

Productive as a tool has two kinds of relationship:

  • Productive <-> Customer (e.g. Awesome branding agency) – an organization using Productive
  • Productive <-> User (e.g. John Doe) – a user that has a login to Productive

Everything you do in your organisation is your data (e.g. projects, budgets, contacts, emails), owned by your organisation. You are the data controller of that data, meaning you can manage it. You can process your data, export it or delete it.

While you are data controller of your data, Productive is the data processor. To be fully compatible with GDPR we’ve added the option to destroy all data from your organisation on request. If an organisation decides to leave Productive they can request complete deletion of all business data.

On the individual level, a relationship between Productive and a user begins by user getting invited to Productive. In this case, Productive is the data controller and we are responsible for the personal data. However, we also give an option to individual users to delete their accounts and data upon request if they decide to leave Productive.

Productive’s security standards

We keep your data secure 100% of your time.

We don’t share it, copy it or access it without your permission.

If you decide to leave us, we will remove your data permanently upon your request.

Because we are committed to the safety and keeping you sleep tight at night, we want to share our security standards with you.

Data access

Only a small subset of members of the Productive team have direct access to the live database. This access is granted on a need-to-know basis and is tightly controlled.
Data export If you decide to leave us, you get a full copy of your database. Contact us, and we’ll provide you with all your data. Want to access your data via API? No problem, we have you covered. Visit https://developer.productive.io/ for more information on how our API works.
Uptime We guarantee an uptime service level of over 99%.
You can check out the status of our services by visiting http://status.productive.io.
We take daily automatic database snapshots. We store them for 30 days. We do manual database snapshots once every month and store them for half a year. We have a standby replica of the database in case something physically happens to the original one. Everything is backed up in real time so that your data is safe.
Monitoring Our system is closely monitored 24/7. If anything happens, we know about it immediately and can react. There are real-time reports in place that ensure we’re ready to fix the problem
Credit card safety We use Stripe as our credit card processor. Card information storage, transmission and processing are completely PCI-Compliant. Every transaction is processed with the same high-level secure encryption just as in a bank. We don’t store your credit info nor do your credit card numbers pass through our servers at any time.
Data hosting We use Amazon AWS as our hosting provider. Our servers are part of the Amazon AWS infrastructure and hosted in the EU. The actual location of these data centres is known only to Amazon employees who have a legitimate business need to have such information. Amazon provides a highly secure architecture and restricts unauthorized access.

 

If you would like to know more about our security measures and GDPR compliance, please contact us at contact@productive.io and we’ll be happy to answer all your questions.