Safe Software and the GDPR

Safe Software takes its responsibilities under privacy laws very seriously. As a Canadian company that is governed by Canada’s Personal Information Protection & Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL), we believe that there is already significant alignment between these laws and the EU’s privacy laws, including the GDPR. Where there are differences between these laws, Safe Software is taking active steps to ensure we meet the unique requirements of the GDPR for our EU customers. Our Privacy Policy contains more specific information.

The European Commission has found Canada to be among the countries providing adequate data protection for EU citizens. As a result of this decision, personal data can flow from the EU to Canada without any further safeguards, such as Privacy Shield certification, being necessary. In other words, data transfers to Canada can be treated as the same as intra-EU data transmissions.

Safe Software acts as both a data controller and a data processor. Safe Software is a data controller when we collect and process your information to set up your account, process your orders, manage the FME Community, or respond to your requests for technical support. Safe Software acts as a data processor when you use FME Flow Hosted to process personal data. We expect that most customers are not using FME Flow Hosted to process personal data, but if you are and you require a Data Processing Addendum (DPA) then you can download, sign and return our standard DPA.


For our FME Flow Hosted platform, we use the following sub-processors:

Third Party Service Country Purpose Data Shared
Braintree USA Payment Service First and last name, billing address, credit card, transactions
Auth0 USA Authentication Provider Required: IP address, email
Optional: name and other biographic info
Postmark USA Email Service First and last name, email address, information related to account (account name, instance name, credits, members of account), billing address and account usage (because of invoices)
Librato USA Instance Monitoring Metrics from instance (network usage, disk space, CPU usage, response time), Alerts (account name, instance id, alert id, alert trigger conditions)
MaxMind USA GeoIP Lookup User IP address
AWS Amazon USA, Ireland, Germany, Canada, Australia, UK, Sweden Platform Hosting & Data Storage Customer instances and data stored on location of customer’s choice
SalesForce USA CRM & LiveChat First and last name, email address, user id, account id, billing address, cloud usage and billing (not including credit card info), support cases
Airbrake USA Error Tracking User id, account name and id, instance name and id
Datadog USA Centralized Logging User id, user ip, usage pattern
OpsGenie USA Operations Notification Account name and id, instance name and id
AppSignal Netherlands Application Performance Monitoring Account ID, User ID

Notification Services (opt-in)

Slack USA Alerting
Postmark USA Alerting

Last Updated: April 13, 2023