100% Compliant with the General Data Protection Regulation
On the 25th of may the EU general data protection regulation (GDPR) was put into action. The aim was to protect EU citizens from data-hungry software companies. It ensures the proper handling of personal information of a person by other people, organisations or companies inside the EU. Our messaging service is 100% compliant with the regulation and therefore"GDPR-ready". On this page we try to give you an extensive overview of all our measures.
No matter if you are a cloud or server customer, we are always available to help you with the usage of our service. Be it the configuration of your Grape installation or the setup of data exports. We help with managing the chat-organisation and users, or deleting former users via identity providers.
If you are using Grape Cloud your data is stored on our server data centers. This makes us the data processor and you the data controller in the sense of the EU General Data Protection Directive.
Grape on-premises means, that our messaging service runs on the servers of our customers. in that case we are data processor and not data controller. Grape Server Customers get a license for the software and are therefore responsible in front of GDPR.
Our customers can request a Data Processing Agreement to contractually ensure the proper processing of their users.
Request Data Processing Agreement
If you use Grape, you can read up here on the privacy agreement you confirm on organisation creation.
Organisations, your company's instance within Grape, can be completely deleted. The erasing includes all users and data. This feature is available only to the organisation creator. To delete it, you need to enter your password. If two-factor-authentication is activated, you'll receive an E-Mail with a confirmation link. On completion the organisation will be deleted completely from our database.
The organisation creator has the permission to export all data of the whole organisation. To protect private conversations the creator can only export chat content that he has access to. Private messages or chat content of private groups of other users will not be exported. While exporting, a private ZIP-File is generated, that can be downloaded.
A manual deactivation of individual users is always possible. Users deleted via systems like Active Directoy are automatically deactivated via Grape. The same is true, if you provide login via SSO.