Chargify has always been dedicated to maintaining the best security for our merchants and their customers. When the EU’s new GDPR regulations are implemented, we’ll be ready.
GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the controller). Chargify is a data processor. As a merchant with Chargify, you are usually the controller (unless you happen to be a sub-contracted processor for another company).
When classified as the data controller, Chargify merchants must meet certain obligations, such as notifying data subjects or obtaining their consent.
As the data processor, Chargify promises to:
- Keep your data safe, secure, and private
- Maintain our EU Privacy Shield certification to allow for cross-border transfer of personal data
- Disclose our sub-processors and monitor their GDPR compliance
- Keep records of compliance and audit logs as required
- Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
- Notify you of a security breach using your account notification contact
Although GDPR is very new, a standard practice has begun to emerge in which each data processor writes a Data Processing Addendum that specifically covers the legal language needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Chargify (as the processor) is in the best position to enumerate how we comply. (We can’t sign a contract that claims we do something that we actually don’t do!)
Every Chargify merchant is eligible to request and sign our established Data Processing Addendum. Simply email us at firstname.lastname@example.org
Chargify utilizes the following Sub-Processors when providing our service:
- Amazon Web Services - https://aws.amazon.com/compliance/gdpr-center/
- SumoLogic - https://www.sumologic.com/compliance/what-is-gdpr/
- SendGrid (if you enable any email sending inside Chargify) - https://sendgrid.com/resource/general-data-protection-regulation/
You also have the option to enable additional Chargify integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each merchant is responsible for evaluating any third party before creating or enabling an integration. These include, but are not limited to:
- QuickBooks Online