AppSheet's support of GDPR

GDPR

AppSheet's GDPR Compliance Plan

Overview

We are committed to working with customers, partners, and other stakeholders to meet the requirements for the General Data Protection Regulation (GDPR) that goes into effect on May 25, 2018. The GDPR impacts multiple AppSheet platform stakeholders and we want to make sure you are aware of, and up-to-date on, any changes we introduce in preparation for GDPR compliance.

If you’re a new app creator, app user, vendor, technology partner, or are considering becoming any of those, this page describes our plans and provides other resources that will help you achieve GDPR compliance. 

AppSheet's Plan

The AppSheet platform has been created with Privacy, Confidentiality, and Security by design. This means that you can create and share apps in a secure way, keeping control of who has access to your data and where your data lives. Since the AppSheet service can be a controller and a processor of personal data, we will continue to keep all platform users informed of how we plan for compliance in both areas of GDPR.

Preparing for GDPR

Privacy is one of the core pillars of the AppSheet platform. This gives teams and individuals the ability to create secure applications using their own data and define the security and privacy model for them. In order to do so, we make sure that the existing and future capabilities of the platform match or exceed our commitment to privacy and security. Some of the capabilities available in AppSheet are:
  • Ability to tag any field as sensitive data.
  • Ability to apply security filters to any table used in AppSheet apps.
  • Ability to restrict access to applications using OAuth 2.0 authentication.
  • HTTPS data transmission.
  • Ability to conditionally restrict read/write access to any field in a table.
  • Ability to request a complete deletion of an AppSheet account. 

As part of our GDPR compliance journey, AppSheet has achieved SOC 2, Type 1 compliance. SOC 2 focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. Additionally, we've performed a personal data audit across the AppSheet technology stack, identifying all parts of the platform that may store personal data, reviewing the privacy commitments of all technology partners, and allowing for data deletion upon request or anonymization where possible. 

Updating

As we identify the different areas to update and review, we implement changes in the platform and processes to comply with regulations. We have introduced multiple changes to our control environments and platform to support these changes. Our plan for May 2018 includes the following changes:
  • Required user acknowledgement upon account creation.
  • Privacy notice reminders to app creators and users.
  • EU-US and Swiss-US Privacy Shield.
  • User deletion tools.
  • Security and privacy controls for App Creators.
  • Data transfer tools.

Educating

Thousands of App Creators use AppSheet to deliver mobile apps to their teams, colleagues, customers, and other stakeholders. It's possible that the data captured and displayed through those apps are personal data as defined by GDPR. We want to make sure all stakeholders are aware of the commitments they must make when controlling or processing personal data.

AppSheet's help site contains multiple articles that reference data security and privacy. During the months of April and May 2018, we will broadcast multiple communications to our stakeholders to increase awareness around GDPR and recommend that app creators review this site and other resources to make sure their apps, and the data they manage in them, are GDPR-compliant.

What's Next—Our Timeline

January 2018: Completed

  • Audit of control environment.
  • Platform update.

April 2018: Completed

  • Privacy Policy Update.
  • Educational content sent to people creating apps with AppSheet.
  • Enforce GDPR feature updates to the platform, making sure app creators acknowledge their responsibility to create compliant apps.
  • Privacy Shield Framework certification.
  • Platform updates around user opt-in and account/profile deletion.
  • Plan updates in our blog.

May 2018: Completed

  • New: We updated our Privacy Policy on May 21st and aligned it with Privacy Shield principles.
  • Full enforcement of updated policies prior to May 25th.

Stay Updated

We'll update this page as new information and resources become available. Please bookmark this page as a reference for your AppSheet-related GDPR compliance resources. Meeting compliance commitments around privacy and security is important to us. If you have additional questions or need to review custom contractual settings with your business, please contact us at infosec@appsheet.com. Here are some resources you may want to review:


GDPR and AppSheet Data Connections

AppSheet connects with leading cloud storage providers. The links below are provided as a convenience—we recommend you audit and map out all your technology providers and how they are preparing for GDPR. Learn more about their commitments to GDPR: