Axure's Commitment to GDPR Compliance
Axure is committed to compliance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018. Although the law governs our relationship with only our European clients, our response to it includes changes to our policies effective for all users of our services and visitors to our site. Axure has made the GDPR a priority, and we are and have always been fully aligned with the regulation’s intended result: the protection of your privacy and personal data.
What Axure is doing to ensure compliance
Axure has dedicated significant internal and consulting resources to reviewing our existing processes, agreements with third-party vendors, and IT security policies for the GDPR. Below are examples of company-wide initiatives Axure has undertaken in order to abide by the new regulation:
- When processing personal data, we will follow the security and privacy measures required under GDPR.
- In the event of a personal data breach, we will promptly notify regulators as well as our customers and end users
- Axure staff who access and process personal data have been trained in handling data and maintaining the confidentiality and security of that data.
- Only essential staff, all located in the US and UK, access and process customer data, and only when necessary to provide services.
- We will hold our vendors who handle personal data to the same data management, security, and privacy practices to which we hold ourselves.
- We will periodically review and update our processes and security policies as required by the GDPR.
Does Axure process customer personal data?
Axure does not collect personally identifiable information for marketing purposes without customers’ consent, and customers may revoke consent at any time. (Axure’s marketing includes a drip email campaign and an email newsletter.) Furthermore, Axure has never sold PII to third parties and is committed to continuing this as a core business practice.
What data does Axure process?
Axure uses data that is found in a typical email signature: name, email address, mailing address, and phone number. Axure also stores avatars for customers who choose to include them in their accounts for the Axure forums, customer portal, and/or Axure Share. IP addresses may also be gathered in server logs but are not matched to other PII.
Where does Axure process and store data?
Axure stores customer data on Amazon Web Services (AWS) servers located exclusively in the US. Our third-party data center meets security regulations and standards with industry-leading physical and environmental controls. Our applications benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.
All of Axure’s employees are located in the US and the UK and only access the customer data necessary to provide product and customer support.
- Customer Agreement: https://www.axure.com/license
- GDPR Resources: http://ec.europa.eu/justice/data-protection/reform/index_en.htm