From dfa25cb1b970e0463ae11999b11be608d1fd05c3 Mon Sep 17 00:00:00 2001 From: miljakljajic Date: Thu, 15 May 2025 12:18:37 +0200 Subject: [PATCH] Update Encryption-and-Data-Security.md Made some updates to remove the now irrelevant privacy shield framework and update our GDPR page so it doesn't read like we wrote it back in 2018 when the legislation was first introduced --- .../settings/Encryption-and-Data-Security.md | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/docs/articles/new-expensify/settings/Encryption-and-Data-Security.md b/docs/articles/new-expensify/settings/Encryption-and-Data-Security.md index fff3e6365ff9..d5a9d079f095 100644 --- a/docs/articles/new-expensify/settings/Encryption-and-Data-Security.md +++ b/docs/articles/new-expensify/settings/Encryption-and-Data-Security.md 
@@ -28,26 +28,17 @@ With this setup, sensitive data stays secure and can't be accessed outside our s ## Our Commitment to GDPR -The General Data Protection Regulation (GDPR), introduced by the European Commission, is a set of rules to strengthen and unify data protection for individuals in the European Union (EU). It also addresses the transfer of personal data outside the EU. This regulation applies not only to EU-based organizations but also to those outside the EU that handle the data of EU citizens. The compliance deadline for GDPR was May 25, 2018. +Expensify is fully committed to meeting the requirements of the General Data Protection Regulation (GDPR). We have implemented robust privacy, security, and data governance measures to protect personal data and uphold the rights of our EU customers. Our commitment to protecting the privacy of our customer’s data includes: -- Being active participants in the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks. -- Undergoing annual SSAE-18 SOC 1 Type 2 audit by qualified, independent third-party auditors. +- Undergoing annual SOC 1 Type 2 and SOC 2 Type 2 audits by qualified, independent third-party auditors. - Maintaining PCI-DSS compliance. - Leveraging third-party experts to conduct yearly penetration tests. - All employees and contractors are subject to background checks (refreshed. annually), sign non-disclosure agreements, and are subject to ongoing security and privacy training. +- We’ve signed Data Processing Addendums (DPAs) with all our vendors to ensure your data is handled safely during onward transfers. +- Our product tools allow users to export data, manage preferences, and close accounts anytime. - -We have worked diligently to ensure we comply with GDPR. Here are some key changes we made: - - -- **Enhanced Security and Data Privacy**: We've strengthened our security measures and carefully reviewed our privacy policies to align with GDPR requirements. 
-- **Dedicated Data Protection Officer**: We've appointed a dedicated Data Protection Officer who can be reached at [privacy@expensify.com](mailto:privacy@expensify.com) for any privacy-related inquiries. -- **Vendor Agreements**: We've signed Data Processing Addendums (DPAs) with all our vendors to ensure your data is handled safely during onward transfers. -- **Transparency**: You can find details about the sub-processors we use on our website. -- **Privacy Shield Certification**: We maintain certifications for the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, which help secure international data transfers. -- **GDPR Compliance**: We have a Data Processing Addendum that outlines the terms to meet GDPR requirements. You can request a copy by contacting [concierge@expensify.com](mailto:concierge@expensify.com). -- **User Control**: Our product tools allow users to export data, manage preferences, and close accounts anytime. +For more detail, review our privacy policy. **Disclaimer**: Please note that the information on this page is for informational purposes only and is not intended as legal advice. It's essential to consult with legal and professional counsel to understand how GDPR may apply to your specific situation.
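Review bot: The removed "key changes" list at the end of this hunk takes out three items that have nothing to do with Privacy Shield and that the commit message does not mention: the Data Protection Officer contact (privacy@expensify.com), the pointer to the sub-processor list, and the address for requesting a copy of the Data Processing Addendum (concierge@expensify.com). Only the vendor DPA and user-control bullets are carried over into the new list, so after this change the page gives readers no privacy contact at all. Unless those are being dropped on purpose, keep them as bullets in the retained list. The added closing line "For more detail, review our privacy policy." has no link, while the lines it replaces used Markdown links for their references; link it to the policy page. The two added bullets ("We've signed ...", "Our product tools allow ...") are full sentences under a lead-in ending in "includes:" whose other items are "-ing" phrases, so rewording them to match ("Signing Data Processing Addendums ...", "Providing product tools that ...") would read more cleanly. While touching this block, the context lines "our customer’s data" and "(refreshed. annually)" both carry typos that could be fixed in the same change.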