Gatsby is committed to our customers’ privacy. One of the ways we uphold this commitment is to maintain GDPR compliance. GDPR is short for General Data Protection Regulation, and is a European regulation implemented to give EU citizens control of their personal data that companies can legally hold. Customers have the right to know what data we collect to provide our service, the right for that data to be deleted, and the right to take that data if choosing to no longer engage in business with us.
While Gatsby is not headquartered in the European Economic Area (EEA), GDPR applies to any business that collects, stores, and uses personal data from people that reside in the EEA. Because we have many customers in that region, we are required to adhere to GDPR standards and protect the Personal Identifiable Information (PII) of our customers in the EU.
In order for an organization to be GDPR compliant, they are required to implement a variety of controls. Our privacy policy outlines the data that we collect about users, and we have implemented internal processes and controls for storing and exporting PII. We have also implemented a public intake process for GDPR-related requests.
In addition to implementing processes and controls to be GDPR compliant, we’ve also worked with our compliance partners at Laika who completed a rigorous review of all of our processes. We chose to go this extra step of being audited to ensure that we are meeting best practices with regard to EU data privacy compliance.
If you are an EU customer and would like to make a GDPR-related request, you can do so by signing into your Gatsby Cloud account and filling out a support ticket under the category “GDPR Data Request”. From there our Customer Success team will assist you with your request. If you have any questions about GDPR or other compliance-related topics, feel free to reach out to compliance@gatsbyjs.com.