GDPR Compliance

GDPR is a great and important step towards better protection of personal information on the web. Here’s what we did to comply with this regulation.

Share this:
Click to share on Twitter (Opens in new window)
Click to share on Reddit (Opens in new window)
Click to share on Facebook (Opens in new window)
Click to share on LinkedIn (Opens in new window)
More
Click to email a link to a friend (Opens in new window)
Click to share on Pinterest (Opens in new window)
Click to share on Pocket (Opens in new window)
Click to share on Tumblr (Opens in new window)

By Christophe Dujarric, on Jun 26, 2018

As we are addressing mostly developers, we won’t offend you by telling you what’s GDPR, and why it exists. You most likely had to work on it yourself. Still, it is important that you know Blackfire is GDPR compliant, and the few points we improved to match the requirements.

What we did

We worked with an expert third-party who conducted an audit on how we handle any personal information, with regards to GDPR;
We updated our Privacy Policy, which also needs to be specifically accepted when you create a new account (or login for the first time since we published it);
We added the mandatory cookie acceptation banner, and created a Cookie Policy;
We made sure all archives would be deleted or fully anonymized should you ask for your right to be forgotten;
We unsubscribed from our newsletters any user who wasn’t, in the very early days of Blackfire, given the option to opt-in;
We checked all of our third party services also comply with GDPR. Namely:
- AWS (All of our data is hosted in Ireland)
- Intercom
- Recurly
- Hubspot
- Quickbooks
- Chartmogul
- Google Analytics and Google Ads
- Microsoft Office 365
- Campaign Monitor
- ConcordNow

Clarification: Data Processing Addendum / Controller / Processor

We’ve been receiving a few requests for a “DPA” by our customers. It is important that we clarify that there’s no need for such a document between Blackfire and its users.

One of the key technical points, and reason why you can use Blackfire without any concern for the privacy of your own users, since day one is: we do not collect any of your user’s data.

A Data Processing Addendum may be required to be sign between two parties, a Controller and a Processor. A Controller collects personal information from its users. A Processor can get some of that data from the Controller, and process it, as the value it provides to the Controller Blackfire is not a Processor of any data you will collect from your users. There is therefore no need for you to have a Data Processing Addendum with Blackfire.

Christophe Dujarric

Christophe is the Chief Product Officer at Blackfire. He's an engineer, but probably one of the least "tech" people in the company. He's wearing many hats, from product management to marketing and sales. He loves the beauty of simple solutions that solve actual problems.

GDPR Compliance

Share this:

What we did

Clarification: Data Processing Addendum / Controller / Processor

Share this:

Related

Christophe Dujarric