This article explains in detail where PerformFlow’s data is stored and how our processing complies with GDPR. It also explains our compliance with GDPR’s International Data Transfer clause.
- Legitimacy of our data processing operations
- Do we do international transfer of personal data?
- Which Data Transfer mechanisms does PerformFlow rely on? Standard Clauses or Privacy Shield?
We store and process your user and usage data (refer to article: What data stored by PerformFlow & how is it used?) in Firebase, the Google cloud-hosted database.
The physical storage of PerformFlow data and processing is protected under Data Processing and Security Terms of Google Cloud Platform.
PerformFlow is GDPR compliant as we do not transfer any personal data. We never save your content or data of your google form or the documents generated out of your google form submission, in our database.
If an approval workflow is setup, we do store the specific configuration data and the generated file information in Google Firebase. This data is absolutely essential for PerformFlow’s web app to trigger email notification and updation of the approval information in the Form responses spreadsheet whenever there is an approval action on the document flow.
We will never transfer, sell, make copies, or share any of your data stored by PerformFlow to third party services or companies.
Upon completion of the DPA, it is stipulated that: The application of lawful data transfer mechanisms for our customers who wish to transfer personal data to a third country (outside the EEA) in accordance with Article 45 or 46 of the GDPR, relies on entering into Standard Contractual Clauses or offer any alternative transfer solution if requested (for example, the EU-U.S. Privacy Shield).