GDPR is a great and important step towards better protection of personal information on the web. Here’s what we did to comply with this regulation.
As we are addressing mostly developers, we won’t offend you by telling you what GDPR is and why it exists. You most likely had to work on it yourself. Still, it is important that you know Blackfire is GDPR compliant, and which few points we improved to meet the requirements.
What we did
- We worked with an expert third party who conducted an audit of how we handle any personal information, with regard to GDPR;
- We made sure all archives would be deleted or fully anonymized should you ask for your right to be forgotten;
- We unsubscribed from our newsletters any user who wasn’t, in the very early days of Blackfire, given the option to opt in;
- We checked that all of our third-party services also comply with GDPR. Namely:
Clarification: Data Processing Addendum / Collector / Processor
We’ve been receiving a few requests for a “DPA” from our customers. It is important that we clarify that there’s no need for such a document between Blackfire and its users.
One of the key technical points, and the reason why you have been able to use Blackfire since day one without any concern for the privacy of your own users, is this: we do not collect any of your users’ data.
A Data Processing Addendum may need to be signed between two parties, a Collector and a Processor. A Collector collects personal information from its users. A Processor can get some of that data from the Collector and process it, as the value it provides to the Collector. Blackfire is not a Processor of any data you will collect from your users. There is therefore no need for you to have a Data Processing Addendum with Blackfire.