General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation that came into force on May 25, 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.

BlackFog products have been designed to be GDPR compliant and limit the collection of personally identifiable information whenever possible. In fact BlackFog products have been specifically designed to limit data collection by third parties. The following information is collected by each edition.

  • All personal editions of BlackFog ensure that data remains on each device. The only outbound data sent to BlackFog consists of license verification and the lookup of unknown IP addresses for the purpose of threat detection and blocking.
  • Enterprise and MSP editions of BlackFog additionally send alerts to a centralized cloud console for monitoring attacks across devices. This information includes the device name, specifications, the potential threat location and activity. Data from the console is stored for 90 days unless otherwise extended by the customer and then purged.

Customer records are retained while a customer has an active account with BlackFog and is purged within 90 days of ceasing to be an active customer. No credit card information is ever stored with BlackFog. This is directly handled by the current financial transaction provider.

Third-Party Processors

Our Data Processing Agreement (DPA) outlines the details of all third party processors utilized and the various controls implemented.

Data Export Request

Under GDPR businesses are required to provide customers with the ability to export their data, so they can see what has been collected. You can submit an online request using the form on our data privacy statement.