Where is your data stored?
For storing your data, we use two service providers.
Amazon Web Service RDS
You can read about AWS's GDPR compliance at their website here.
We use AWS to collect:
Name
Email address
Job title
Location
User generated transactional data
MongoDB Atlas
You can read about MongoDB Atlas's GDPR compliance at their website here.
We use MongoDB to collect:
User generated transactional data
Xero data (invoices, bank transactions, chart of accounts)
Is data transferred out of the EU?
We share data both internally within the Figured group, sub-processors (Figured Sub-Processor List), and externally with our partners and with those you direct us to as described in this Notice.
When we do this your Personal Data may be transferred, stored or processed in the United States where our data hosting provider's servers are located, or other countries outside of the European Economic Area or the country where you live. These transfers are necessary to provide our services.
If you are in the European Economic Area, this means that your Personal Data is transferred outside of the EEA.
These transfers are necessary to provide our services, and we utilise standard contract clauses, ensure the entity is Privacy Shield Certified, or rely on the European Commission's adequacy decisions about certain countries (like New Zealand).
For further information please contact us at privacy@figured.com.
Does Figured perform high-risk processing?
Following an assessment of our data processing activities both current and planned, we do not perform what would be considered high-risk processing of sensitive data.
Therefore we have not carried out a Data Protection Impact Assessment as would be required under Article 35 – Data protection impact assessment.
This statement will be reviewed quarterly as part of the general review of our GDPR compliance.
Data Retention and Disposal Policy
You can download the latest version of our full Data Retention and Disposal Policy below