Productive Is GDPR Compliant

The European Union (EU) General Data Protection Regulation (GDPR), enforced from May 2018, is one of the biggest changes to data privacy regulation for businesses with customers from the European Union.

We put security, privacy, and data protection at the core of our product. We are fully certified as GDPR compliant, and constantly strive to go above the minimum regulatory standards.

Working with external legal counsel, we’ve updated our Terms of Service and Privacy Terms to be in compliance with GDPR and other generally acceptable privacy law.

How Does GDPR Relate to Productive?

The GDPR regulates the processing of personal data about individuals in the EU including its collection, storage, transfer or use. Under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

Productive’s GDPR Commitment

As a business management platform, Productive has two kinds of relationships:
  • Productive <—> Customer (e.g. awesome branding agency) — an Organization using Productive
  • Productive <—> User (e.g. John Doe) — a user that has a login to Productive

Everything you do in your Organization is your data (e.g. projects, budgets, contacts, emails), owned by your Organization. You are the data controller of that data, meaning you can manage it. You can process your data, export it, or delete it.

While you are the data controller of your data, Productive is the data processor. To be fully compatible with GDPR we’ve added the option to destroy all data from your Organization on request. If an Organization decides to leave Productive they can request the complete deletion of all business data.

On the individual level, a relationship between Productive and a user begins by the user getting invited to Productive. In this case, Productive is the data controller and we are responsible for the personal data. However, we also give an option to individual users to delete their accounts and data upon request if they decide to leave Productive.

Productive’s Security Standards

We keep your data secure 100% of the time. We don’t share it, copy it, or access it without your permission. If you decide to leave us, we will remove your data permanently upon your request. Because we are committed to safety and to helping you sleep tight at night, we want to share our security standards with you.

Data Access

Only a small subset of members of the Productive team has direct access to the live database. This access is granted on a need-to-know basis and is tightly controlled.

Data Export

If you decide to leave us, you get a full copy of your database. Contact us, and we’ll provide you with all your data. Want to access your data via API? No problem, we have you covered. Visit https://developer.productive.io/ for more information on how our API works.

Uptime

We guarantee an uptime service level of over 99%. You can check out the status of our services by visiting http://status.productive.io.

Backups

We take daily automatic database snapshots. We store them for 14 days. We do manual database snapshots once every month and store them for half a year. We have a standby replica of the database in case something physically happens to the original one. Everything is backed up in real-time so that your data is safe.

Monitoring

Our system is closely monitored 24/7. If anything happens, we know about it immediately and can react. There are real-time reports in place that ensure we’re ready to fix the problem.

Credit Card Safety

We use Stripe as our credit card processor. Card information storage, transmission, and processing are completely PCI-Compliant. Every transaction is processed with the same high-level secure encryption just as in a bank. We don’t store your credit info nor do your credit card numbers pass through our servers at any time.

Data Hosting

We use Amazon AWS as our hosting provider. Our servers are part of the Amazon AWS infrastructure and hosted in the EU. The actual location of these data centers is known only to Amazon employees who have a legitimate business need to have such information. Amazon provides a highly secure architecture and restricts unauthorized access.

Contacting Productive

If you would like to know more about our security measures and GDPR compliance, please contact us at contact@productive.io, or at our mailing address below. We’ll be happy to answer all your questions.

The Productive Company, Inc 340 S Lemon Ave 9714 Walnut, CA 91789 USA