Skip to main content
All CollectionsFAQPrivacy & Legal
Is Canny GDPR compliant?
Is Canny GDPR compliant?

Yes! Here you will find all the details.

Sarah Hum avatar
Written by Sarah Hum
Updated over 2 months ago

Yes! Canny is fully committed to upholding compliance with GDPR.

What is GDPR?   

The GDPR (General Data Protection Regulation) is a new comprehensive data protection law that has been in effect since May 25, 2018. It replaced the prior EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU data.

GDPR Compliance Questions

What personal data is collected?

  • Your team member names and email addresses.

  • Your customer data includes, but is not limited to, names, email addresses.

Where is data stored and processed?

All data is stored in the United States (with MongoDB Atlas on AWS) and processed with Amazon Web Services (AWS).

It is a common misconception that EU data residency is a requirement of GDPR, but rest assured, we work with multiple EU companies and all data is handled in compliance.

Our DPA includes the Standard Contractual Clauses (SCC), which are accepted as an appropriate safeguard for personal data transfers to non-EEA countries. You can see this same information stated on many websites hosted by legal/data privacy experts, including the official website of the EU.

Do you enter into Data Processing Agreements (DPA)?

Yes. We do offer a standard DPA here at Canny and would be happy to countersign via DocuSign. If you prefer a customized DPA, that does require legal review. Please reach out and start a chat for further details.

What third-parties do you share data with?

Name and Address

Purpose

Applicable Safeguards
(if data is processed outside the EU/ EEA)

Amazon Web Services
440 Terry Ave N
Seattle, WA 98109

Cloud services: data storage & processing

DPA signed with SCCs

Google Analytics
1600 Amphitheatre Parkway
Mountain View, CA 94043

Website analytics

DPA signed with SCCs

MongoDB

1633 Broadway 38th Floor
New York, NY 10019

Data storage

DPA signed with SCCs

Sentry
132 Hawthorne St
San Francisco, CA 94107

Error handling

DPA signed with SCCs

Mailgun
535 Mission St
San Francisco, CA 94105

Email

DPA signed with SCCs

OpenAI

3180 18th St.

San Francisco, CA 94110

AI-related services

DPA signed with SCCs

Cloudflare
101 Townsend St.
San Francisco, California 94107

Cloud services: networking

DPA signed with SCCs

How do I exercise my GDPR rights as a data subject?
You can contact us directly via live chat or send an email to privacy@canny.io

What are your company details?
Canny is operated by Canny Inc.
Our mailing address is:

800 N King Street
Suite 304 1121
Wilmington, DE 19801
United States

See more details in our Privacy Policy.

Did this answer your question?