Data security
Hello,
Please, can you send me the data policy of Workflowy?
For EU residents, are you complying with GDPR (General Data Protection Regulation)?
Where are your servers located?
-
This is something we'd very much like to know as well!
We're actively promoting Workflowy within some very large employers in the Netherlands, but GDPR compliance and server location keep popping up as a major issue that prevents them from committing to (and paying for) Workflowy on any significant scale. Could you enlighten us as to what your current stance towards this is and what your plans are for the future? Please don't underestimate the influence of this to the adaptation speed of Workflowy and, ultimately, to your bottom line!
Cheers
Mark
-
Hi Mark and Priscilla,
We do believe that we are currently GDPR compliant and are currently waiting on an audit process. So that information will be forthcoming.
Our servers are based in the US through AWS (Amazon Web Services), and we are backed up by their robust cloud-powered security.
-
That's good to hear!
And it's good to hear that an audit and official compliance will be forthcoming. I wouldn't at all be surprised if Workflowy is already compliant. European companies, however, would like to be 100% certain that Workflowy is and will be guaranteed to be compliant. That will greatly help in creating enough trust for companies to put their data that is personally identifiable into Workflowy as well and will greatly increase the scope of things for which Workflowy will be useful.
Cheers
Mark
-
Thanks for your reply Frank 😊
That sounds great. Our school, based in Denmark, is experiencing a surge of interest in using Workflowy in post-covid teaching. Its simplicity and powerful collaborative features are a welcome extension of how much we used MS Teams during lockdown. Since I introduced my colleagues to Workflowy some years ago, in the time before GDPR, I have become our school's DPO. Therefore I can no longer actively push for proper adoption of Workflowy until it will be possible for us to sign a DPA.
Best regards,
Jákup
-
Hi Frank,
I'm also in the position of needing to know if personal and sensitive information is secure in Workflowy.
One area of concern is with your Privacy Policy, which states the user agrees to data being stored in the US. The Privacy Policy is from 2016, so I'm hoping there is an update. However, as it stands it means that all the data I put into Workflowy could be given to US authorities and my rights would be negligent as a non-US citizen.
Could you please tell me the position on this? It really means anyone outside the US could have their data taken with no recourse as they are not US citizens.
I should add that my understanding is that to be GDPR compliant data cannot be taken outside of the EU?
-
Hi! We're on the cusp of releasing the latest privacy policy. We've been working hard on this with consultants. Just yesterday our entire Team underwent GDPR training. We have to comply with EU regulations and that will be made clear in the new privacy policy/ DPA.
To be GDPR compliant does not mean that data cannot be taken out of the EU. Our servers are based in the US with AWS. We need to observe GDPR laws wherever our servers happen to be, and we would incur infringement fines all the same, which are rather hefty.
-
Hi @SV and company,
@SV If I deleted your post, it must have been for good reason. I can't quite remember why. But I do recall having deleted a forum post recently... which is the first time in a very very long time. Feel free to post again so I can have a look at it and remember why it is. I delete posts that are inappropriate... and I can't remember the content. I've got a lot to get through on several platforms.
Update to the privacy policy: I can't wave a wand and make it happen as soon as I personally would like to have it ready. The entire team went through GDPR training (a significant effort) and we've had our lawyer and consultant/ specialist go through everything in the most excruciating detail. The Data Processing Agreement was just signed by our CEO and it's not long before the corresponding team member posts on a dedicated WorkFlowy web page.
One and all, please feel free to join our users group on Slack. For some reason the Zendesk forum here is like a ghost town. There are many more WorkFlowy users engaging and interacting here:
https://join.slack.com/t/workflowyusergroup/shared_invite/zt-s867uw4j-hxIqSvU7n6e7gXKwpjVWbw
-
Hi @SV,
I just checked deleted comments... and there are 3 all-time comments deleted that I find... and the last one I deleted was a double post. I don't see anything of yours that was deleted. Please go ahead and post here again if you wish. I'm not sure what this is about. You mentioned, "not only did not post my last post"... well, there is no process where anyone has to approve posts. EVERYTHING gets posted automatically... Posts go through as soon as you post them. No one sorts through the "good and the bad fish". So I believe you've jumped the gun here and have canceled your account with no intervention from another living being. I have no recollection of having deleted a post that would otherwise be in our trash can. I hope that you will choose of your own accord to take WorkFlowy up again.
-
@HTHawks
I've been having a private exchange with Workflowy. The long and short of it is that Workflowy have no immediate plans of offering other AWS locations other than the US to their customers. This means all data is stored in the US. Non-US citizens are afforded no guarantee to privacy by US surveillance. The Court of Justice of the European Union (CJEU) ruled that US surveillance laws are in conflict with EU user privacy (https://noyb.eu/en/cjeu). To quote from the article:
The Court was clear that the far-reaching US surveillance laws are in conflict with EU fundamental rights. The US limits most protections to “US persons”, but does not protect the data of foreign customers of US companies from the NSA. As there is no way of finding out if you or your business are under surveillance, people also have no option to go to the courts. The CJEU found that this violates the 'essence' of certain EU fundamental rights.
With that in mind as a British citizen, I have deleted all my data off Workflowy and cancelled my subscription. Should Workflowy at some future point feel they want to protect the data of non-US citizens by providing AWS storage within the user's local legal jurisdiction I may reconsider, but as it is Workflowy have left non-US citizens with no protection from US surveillance.
There is an interesting discussion on this on Mac Power User Forums here