As the leading data movement platform, we understand the importance of privacy, confidentiality and responsible handling of data. Our approach to data protection is multifaceted and designed to comply with over a hundred data protection regimes and frameworks across the globe.
Our key security features include column blocking and hashing, encryption and metadata logging. Beyond these, we’ve implemented several measures to ensure full compliance with the GDPR and other data protection laws.
- Fivetran privacy framework: We use the AICPA/CICA (American Institute of Certified Public Accountants/Chartered Institute of Management Accountants) Privacy Maturity Model to measure the success of our privacy program. Our philosophy incorporates “privacy by design” and “privacy by default,” but we go further by emphasizing dedicated personnel, strict policy enforcement and continuous monitoring. In essence, we believe privacy means handling personal data responsibly and in line with customer expectations.
- Handling Data Subject Access Requests (DSARs): We have established processes and specialized personnel to manage both DSARs and privacy complaints through our privacy@fivetran.com email.
- Cross-border transfers: Fivetran is certified under the EU-US, UK extension and Swiss-US Data Privacy Frameworks. We also use Standard Contractual Clauses (SCCs) and provide a Transfer Impact Assessment (“TIA”) upon request to ensure compliant cross-border data transfers.
- Subprocessor list: We maintain a list of global subprocessors and affiliates and provide notice for any additions to this list, ensuring transparency.
- Data residency: We offer data residency options across 20+ major cloud regions worldwide, with features like geographically bounded access, in which no data is sent out of a designated cloud region without your permission, as well as private networking to keep your data within designated regions.
- Diagnostic data access: Diagnostic data access by Fivetran is strictly controlled and requires explicit customer approval.
- Data protection assessments: We conduct regular Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs) following ISO privacy standards to ensure compliance with multiple international privacy laws. Our privacy engineering playbook guides our engineers in building with privacy in mind.
- Data mapping: We maintain a detailed data inventory for our systems, ensuring compliance with the GDPR’s Record of Processing Activities (ROPA) requirement using third-party tools. The inventory includes details of data types being processed, such as the data field and whether or not it is sensitive personal data, descriptions of the processing being performed, and transfers of personal data. In addition, our tool provides insights to ensure we have the correct contractual language in place with our third-party vendors.
- Data retention: Fivetran has made efforts to minimize how long customer data is processed in our systems, aligning with GDPR principles.
- Cookie consent management: We manage cookie consent in line with the GDPR and conduct quarterly audits to ensure ongoing compliance.
At Fivetran, building a platform with privacy in mind is crucial to maintaining our customers' trust. As the leader in automated data movement, we strive to make Fivetran easy to use while keeping privacy a top priority. For more information, contact our sales team at sales@fivetran.com. To report a privacy concern, email us at privacy@fivetran.com or DPO@fivetran.com.