Threat Stack GDPR Overview

Note: This document describes how Threat Stack conforms with the EU General Data Protection Regulation (GDPR).

Commitment to GDPR and Our Customers

Threat Stack is committed to data privacy and security, including complying with and, where applicable, helping our customers and users comply with the EU General Data Protection Regulation (GDPR). GDPR is the comprehensive EU-wide data privacy law that went into effect on May 25, 2018. Besides strengthening and standardizing user data privacy across the EU, it introduced new or additional obligations on all organizations that handle EU residents’ personal data, regardless of where the organizations are located.

In preparing for GDPR, the Threat Stack team decided to apply these standards to its entire privacy program, covering all citizens — not just those in the EU. Since GDPR sets the highest and most reasonable regulatory standard, this means that as new privacy regulations come to bear — such as the California Consumer Privacy Act — we are more likely to be able to support those standards on day zero.

How We Comply With GDPR

Building on our robust privacy and security program, our team has adapted our policies, products, and business strategy to address GDPR’s significant new requirements. Measures we have implemented include:

• Investments in our security infrastructure and certifications

• Updates to our standard contractual terms

• Executing Data Processing Addenda to our contracts with applicable third parties

• Vendor and partner due diligence procedures, including initial and ongoing reviews of the service(s) provided, the necessity of the processing activity, the technical and organizational measures in place, and compliance with GDPR

• GDPR-focused revisions to our Privacy Policy (www.threastack.com/privacy)

• Enhanced data mapping and tracking in our internal processes

• Supplemental privacy and security training for employees

• Updated incident-response plan and breach-notification policy

• Security review of key data subprocessors

• Procedures for handling user requests and inquiries relating to personal data

More Information

Protecting our customers’ information and their users’ privacy is extremely important to us, and we have set high standards for security. If you would like to learn more about our security policies and procedures, please see our security page at www.threatstack.com/security, or reach out to us at [email protected]