Filestack’s Commitment to GDPR

Filestack & GDPR

In April 2016, European Parliament and European Council adopted legislation known as GDPR (General Data Protection Regulation). It replaces European Privacy Directive 95/46/EC.

GDPR is a new comprehensive law that strengthens the protection of “personal data” and the rights of the individual. It regulates the processing of personal data about subjects in the EU including its collection, storage, transfer or use. It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect.

At Filestack, we are committed to meeting the requirements of the GDPR by May 25th, 2018 when it becomes enforceable. We fully support the privacy rights of our customers and their users. In the coming blog series we will showcase the steps we’ve taken to prepare for compliance. We hope that these articles will help our customers and other businesses prepare for GDPR.

As of today, we are reviewing and updating our internal data processes and systems. We have also released an updated version of our Data Processing Agreement to allow our customers to continue lawfully transfer of the EU personal data to Filestack when the GDPR goes into effect.

If you are subject to GDPR and would like to sign our DPA, please reach out to us at

It is important to note that Filestack is a processor with respect to personal data submitted by end users who interact with our APIs, upload system and cloud integrations.

In addition to our commitment to GDPR, Filestack is certified under both EU-U.S. and Swiss-U.S Privacy Shield Framework.

In the next blog posts we will talk about:

  • What Filestack customers need to do in the context of GDPR compliance
  • What steps we have taken to comply
  • Product changes made in context of GDPR compliance

If you have any questions regarding GDPR or how we are preparing please reach us at

Read More →

Ready to get started?

Create an account now!