General Data Protection Regulation (GDPR)

Aha! is committed to information security and to the appropriate treatment of personal information to meet the requirements of the General Data Protection Regulation (GDPR). The GDPR is a European privacy directive that strengthens the security and protection of personal data provided by individuals who reside within the European Union (EU).

As a demonstration of our commitment to security, Aha! is ISO 27001 certified and undergoes annual external information security audits.

Aha! Data Processing Agreement

For customers who might be working with personal data of users in the EU, we offer a data processing agreement (DPA). This includes the standard contractual clauses that have been approved by the European Commission to protect the transfer of personal data outside of the European Economic Area (EEA).

To execute the Aha! DPA, please complete the following steps:

  1. Download the Aha! DPA here.

  2. Complete, sign, and return the DPA to Please tell us which Aha! account subdomain the DPA applies to.

  3. Aha! will countersign the DPA and return a signed copy to you.

Our commitment to data protection

We are committed to meeting the requirements of the GDPR. Our privacy policy provides detailed information about how we collect and process your personal information. We also maintain specific security features that are built directly into the Aha! application to ensure that customer data is kept safe.

Helping our customers comply with the GDPR

Customers can choose to turn on our idea management capabilities and use the Aha! application to collect and analyze product ideas provided by individuals who may reside in the EU. In this case, our customers are required to demonstrate how their use of Aha! is compliant with EU privacy laws. We provide a number of features that support GDPR compliance.

  • Manage idea visibility. You have full control over the visibility of ideas submitted to your ideas portal. This includes options to make ideas visible to anyone, to employees and partners, or not visible in the portal. You can also delete ideas.

  • Hide portal usernames. Aha! allows you to make usernames private within your ideas portal. This option is available for public and private portals.

  • Delete portal users. Account administrators have the ability to delete ideas portal users. This removes a user’s account, name, and email address from the portal.

  • Unsubscribe portal users. Account administrators can turn off notification emails for portal users who want to opt out.

  • Disable all ideas portal emails. This setting allows you to turn off all notification emails for an entire ideas portal.

  • Capture portal consent. This setting allows you to request additional consent from portal users and to explain how you will process their personal data.

If you have questions regarding the GDPR requirements and how they may impact your use of Aha!, please contact us by email at