Safe Software and the GDPR
Safe Software takes its responsibilities under privacy laws very seriously. As a Canadian company that is governed by Canada’s Personal Information Protection & Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL), we believe that there is already significant alignment between these laws and the EU’s privacy laws, including the GDPR. Where there are differences between these laws, Safe Software is taking active steps to ensure we meet the unique requirements of the GDPR for our EU customers. Our Privacy Policy contains more specific information.
The European Commission has found Canada to be among the countries providing adequate data protection for EU citizens. As a result of this decision, personal data can flow from the EU to Canada without any further safeguards, such as Privacy Shield certification, being necessary. In other words, data transfers to Canada can be treated as the same as intra-EU data transmissions.
Safe Software acts as both a data controller and a data processor. Safe Software is a data controller when we collect and process your information to set up your account, process your orders, manage the FME Community, or respond to your requests for technical support. Safe Software acts as a data processor when you use FME Flow Hosted to process personal data. We expect that most customers are not using FME Flow Hosted to process personal data, but if you are and you require a Data Processing Addendum (DPA) then you can download, sign and return our standard DPA.
Sub-Processors
For our FME Flow Hosted platform, we use the following sub-processors:
| Third Party Service | Country | Purpose | Data Shared |
|---|---|---|---|
| Braintree | USA | Payment Service | First and last name, billing address, credit card, transactions |
| Auth0 | USA | Authentication Provider |
Required: IP address, email Optional: name and other biographic info |
| Postmark | USA | Email Service | First and last name, email address, information related to account (account name, instance name, credits, members of account), billing address and account usage (because of invoices) |
| Librato | USA | Instance Monitoring | Metrics from instance (network usage, disk space, CPU usage, response time), Alerts (account name, instance id, alert id, alert trigger conditions) |
| MaxMind | USA | GeoIP Lookup | User IP address |
| AWS Amazon | USA, Ireland, Germany, Canada, Australia, UK, Sweden | Platform Hosting & Data Storage | Customer instances and data stored on location of customer’s choice |
| SalesForce | USA | CRM & LiveChat | First and last name, email address, user id, account id, billing address, cloud usage and billing (not including credit card info), support cases |
| Airbrake | USA | Error Tracking | User id, account name and id, instance name and id |
| Datadog | USA | Centralized Logging | User id, user ip, usage pattern |
| OpsGenie | USA | Operations Notification | Account name and id, instance name and id |
| AppSignal | Netherlands | Application Performance Monitoring | Account ID, User ID |
Notification Services (opt-in)
| Slack | USA | Alerting |
| Postmark | USA | Alerting |
Last Updated: April 13, 2023