Skip to content

GDPR

Steady is fully compliant with the EU General Data Protection Regulation (GDPR).

GDPR adds new requirements regarding how companies should protect the data that they process. While we’ve always been compliant from a technical perspective, we’ve also updated our Privacy Policy to reflect our compliance with these requirements. In addition, below you’ll find information about our sub-processors, our Data Processing Addendum (DPA), and links to our EU-US and Swiss-US Privacy Shield Framework certification.

Data Processing Addendum

The Data Processing Addendum (DPA) to our Terms of Service details the rights and responsibilities for the processing and security of customer data.

Cross-Border Transfers of Personal Information

Steady has certified compliance with the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of Personal Information from the EU to the US. On July 16, 2020, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield and instructed the EU Commission to develop and implement a new data transfer framework. Steady is committed to using lawful data transfer mechanisms for all cross-border transfers of Personal Information. Until a new framework is adopted, we will rely on Standard Contractual Clauses or another appropriate legal basis for the transfer of EU Personal Information, where required.

Sub-processors

Steady uses third party sub-processors, such as cloud computing providers and customer support software, to provide our application to our customers. We enter into GDPR-compliant data processing agreements with each sub-processor, extending GDPR safeguards everywhere personal data is processed.

Here’s our list of sub-processors. All of the data is processed in the United States.

More Information

Contact us anytime for additional details.