EU Data Protection & GDPR Compliance

We have created this page to provide information to our EU users as we implement changes to achieve compliance with EU-specific policies. Please feel free to contact us with any specific questions that you have.

When you use our service, you entrust us with your personal information. As a business-to-business (B2B) service, the personal information that we collect is limited; however, it is our priority to protect your data and provide you with mechanisms for controlling it. Users located in the EU have particular concerns, and are covered by particular regulations, regarding how data is managed. This page is designed to outline how we manage data as it relates to EU users.

Privacy Policy

We outline our policies related to user privacy in our Privacy Policy. All users are required to agree to our Privacy Policy in order to create an account with Atatus.

Anonymizing IP Address

We take utmost care to ensure that our customer data is secure and easily accessible. While we are constantly working toward enhancing our security parameters under the GDPR guidelines, Atatus includes the following out-of-the-box capabilities geared toward protecting personal data and privacy.

Atatus does not collect any user-specific information by default. The one thing that Atatus does store is the IP address of the user. In order to be GDPR compliant, we have an option to anonymize the IP address of the user. Once you select this option in your project settings, we will not have any user-identifiable information.

Security & Data Center

Atatus's service is hosted using DigitalOcean and Amazon Web Services (AWS). This includes all of our offered services, our global metric collectors, and data storage (including backups). Our data centers, where data is processed and stored, are compliant with industry standards including AICPA SOC 2 and 3.

We use a number of controls designed to prevent unauthorized access to your personal data. We restrict access to personal data only to our employees who need to know this information in order to operate, develop or improve our service.

GDPR (General Data Protection Regulation) Compliance

The GDPR (General Data Protection Regulation) is a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become effective and enforceable on May 25, 2018.

GDPR adds new requirements regarding how companies should protect personal data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. We are following developments regarding GDPR and taking steps to prepare for compliance. These steps include, but are not limited to, the items outlined below.

Our policies and practices are regularly reviewed to ensure ongoing compliance with GDPR.

Access to your Information (DSR requests)

Our service provides a number of built-in features for updating, exporting and deleting your data. This includes an interface for updating your personal and company information, export features for your errors and reports, as well as the ability to close your account entirely.

Closing your account will permanently delete all data from your account immediately. Your personal information may remain for a short time within our support system (if you've contacted us) and within our database backups. That information is purged after 30 days.

If you belong to a paid organization when you close your account, that organization's data will remain intact. Paid organizations can be canceled but their information will remain by default to enable reactivation (which is fairly common). Information can be purged at the request of an administrator of the paid organization.

We are happy to manually service any requests which cannot be adequately serviced using the features detailed above. You may contact us by email with your request. We will always respond to these requests within 30 days (as required under GDPR).