General Data Protection Regulation
Zac Rosenbauer
Precognitive takes privacy & security very seriously. Precognitive’s Platform is fully compliant with the General Data Protection Regulation (GDPR) and the EU-US Privacy Shield Framework.
GDPR Frequently Asked Questions
1. Can you process Personally Identifiable Information (PII)?
Precognitive’s fraud prevention services fall under the Legitimate Interests defined in GDPR (Recital 47). Legitimate interest is one of the ways organizations can process personal data (PII). This enables Precognitive to process personal data within its fraud prevention products.
2. How is my customer data stored?
Precognitive takes a Privacy by Design approach across its systems and architecture. When applicable, personally identifiable information (PII) is protected by one-way hashing, by rotating encryption keys, or by not storing the data after initial processing (i.e. a decision). In case of a breach, all PII would be encrypted and be useless to whatever bad actor possessed the compromised data.
3. Can you handle a GDPR Rights Request?
Precognitive can adhere to any rights requests from customers as needed. Once the user is deleted from the system, the user’s data will not be accessible from our user interfaces or HTTP APIs.
Precognitive is SOC 2 certified and follows industry best practices with regard to privacy, confidentiality, and security. All data is stored within Google Cloud Platform, which utilizes the highest levels of security. All communication is encrypted during transport and data integrity is maintained via a combination of (but not limited to) authentication, authorization, tokenization, and checksums.
5. If I have additional questions, who can I reach out to?