GDPR Overview Page


Platform.sh has taken numerous steps to ensure GDPR compliance.

As part of our measures we have implemented the following:

  • Data Protection Officer: We have appointed a Security Officer who also holds the Data Protection Officer (DPO) role.
  • Data Breach Policy: We have updated our data breach policy and procedures, and have confirmed that all of our suppliers are compliant with breach notification requirements.
  • Consent: We have confirmed that all of our customer communication, both business and marketing-related, is opt-in, and we do not collect customers' information without their consent.
  • Data Governance: We have completed internal audits on all of our suppliers to ensure their internal security measures are adequate, and can confirm that our in-scope suppliers are GDPR compliant.
  • Data Protection by Design: We have implemented company policies to ensure that all of our employees receive the necessary compliance training and follow proper protocols regarding security. Further, privacy and data protection implications are assessed at the start of every new project.
  • Enhanced Rights: The GDPR provides rights to individuals such as the right to portability, the right to rectification, and the right to be forgotten. We comply with these individual rights. Nearly all information can be edited through a user’s account, and we can delete accounts upon request.
  • Personally identifiable information (PII): We have audited our systems to confirm that your personal data is encrypted and protected.
  • Data Flows: We have identified and classified data, and have created a high-level data flow diagram that maps out data shared with vendors, including cross-border transfers.
  • Privacy Impact Assessment (PIA): We have performed an internal PIA to ensure that we comply with GDPR principles and obligations.
  • Security: We have created https://platform.sh/security to document our security features.
  • Data Collection: We have documented information about what data we collect.
  • Data Retention: We have documented information about our data retention practices.
  • Data Processing Agreement (DPA): We have revised our Terms of Service and Privacy Policy to align with the GDPR, and we offer a pre-signed DPA that can be downloaded at the top of the Privacy Policy.