Aha! is committed to information security and to the appropriate treatment of personal information to meet the requirements of the General Data Protection Regulation (GDPR). The GDPR is a European privacy directive that strengthens the security and protection of personal data provided by individuals who reside within the European Union (EU).
In addition to complying with the GDPR, we also maintain an EU-U.S. Privacy Shield certification with the U.S. Department of Commerce. This ensures that sufficient safeguards are in place when we transfer personal data from the EU to the U.S.
As a demonstration of our commitment to security, Aha! is ISO27001 certified and undergoes annual external information security audits.
For customers who might be working with personal data of users in the EU, we offer a data processing agreement (DPA). This includes the standard contractual clauses that have been approved by the European Commission to protect the transfer of personal data outside of the European Economic Area (EEA).
To execute the Aha! DPA, please complete the following steps:
Customers can choose to turn on our idea management capabilities and use the Aha! application to collect and analyze product ideas provided by individuals who may reside in the EU. In this case, our customers are required to demonstrate how their use of Aha! is compliant with EU privacy laws. We provide a number of features that support GDPR compliance.
If you have questions regarding the GDPR requirements and how they may impact your use of Aha!, please contact us by email at firstname.lastname@example.org.