Help Center
Frequently Asked Questions
Data Security
Who can see my personal and team notes?
Does Notejoy offer encryption?
How does Notejoy ensure high availability & prevent data loss?
Can I take my data out of Notejoy?
How does Notejoy protect my data from being hacked?
How does Notejoy protect my credentials?
Where can I learn more about Notejoy's security practices?
How does Notejoy provide GDPR compliance?

How does Notejoy provide GDPR compliance?

What is GDPR?

The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May of 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed by businesses. The law impacts both European companies and businesses with European contacts.

What is Notejoy’s role in GDPR compliance?

Notejoy provides full compliance with GDPR. Notejoy acts as both a Data Controller as well as a Data Processor within the realm of GDPR compliance.

As a Data Controller, Notejoy is responsible for safeguarding the data of our customers as they interact directly with Notejoy. Our Privacy Policy governs how we collect, use, and process customer data.

As a Data Processor, Notejoy is responsible for safeguarding the data of our partners' and customers' users as it flows through our system. Notejoy offers a Data Processing Addendum for those using Notejoy as a Data Processor.

Does GDPR affect you?

If you are based in the EU or do business in the EU, then GDPR does affect you. GDPR has a long reach. If you have any EU personal data in your Notejoy account, such as names, addresses, emails, or anything personally identifiable, GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on, including Notejoy. These agreements are commonly called a Data Processing Addendum, or DPA.

Does Notejoy offer a Data Processing Addendum?

Processing EU personal data must be governed by a contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.

The following DPA has been pre-signed on behalf of Notejoy. The Standard Contractual Clauses in Exhibit B have been pre-signed by Notejoy as the data importer.

To complete this DPA, you must:

  • Complete the information in the signature box and sign on Pages 7, 10, and 17
  • Complete the information as the data exporter on Pages 10 and 19
  • Send the completed and signed DPA to Notejoy by email, indicating the customer email address associated with the account, to support@notejoy.com. Upon receipt of the validly completed DPA by Notejoy at this email address, this Addendum will become legally binding.

Download Notejoy's Data Processing Addendum

What Sub-Processors does Notejoy use?

Notejoy uses the following third-party Sub-Processors to provide our services. Each of our Sub-Processors has an executed DPA to ensure compliance under the EU GDPR requirements.

Any other questions?

For any GDPR or privacy-related questions, please feel free to contact us.