Data Privacy and GDPR

The General Data Protection Regulation, or GDPR, is an EU regulation that establishes a new legal framework to protect the personal data of EU residents. Organizations that are established in the EU, as well as organizations that process personal data of EU residents, are required to comply with the GDPR. With this page we want to explain you how we are committed to GDPR compliance.

Data Processor vs. Data Controller

If you are a Momentum customer, your organization acts as the data controller for any personal data provided to Momentum. The data controller determines the purposes and means of processing personal data. Momentum acts as the data processor, processing data on your organization’s behalf when you use one of our products.

If you are a Momentum customer and handle information about EU citizens, we advice you to download our Data Processing Agreement, sign and send back a copy to us via e-mail to: info@momentumtools.io

Data Processing Agreement

Safe and secured

We ensure a level of security appropriate to the risk and in line with article 32 of the GDPR.The backups and the Podio access tokens are encrypted using 256-bit Advanced Encryption Standard (AES). Applying the best practices of Encryption methods, we use a different initialization vector for every record, meaning it is virtually impossible to extract the data via reversed engineering. All the data is stored in Amazon Cloud (Dublin, Ireland). The backup happens over an encrypted connection that uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

Momentum uses the following sub-processors

We are required by law to provide our customers with an updated list of our sub-processors that we use to provide the best possible service to you. We are confident that these providers (data processors) have a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.
*last update 2018-05-17

NameType of processingPlace of processing
Amazon               Server infrastructure                  EU
HerokuServer infrastructureEU
GoogleInfrastructure and e-mailEU
PodioInfrastructureEU
Lucky OrangeError managementEU
App SignalError managementEU
SidekiqLoggingEU
LogentriesServer infrastructureEU
RedislabsServer infrastructureEU