How do software companies become GDPR compliant
On May 25, the EU General Data Protection Regulation (GDPR) came into force to protect EU citizens from data-hungry software companies. It ensures the proper handling of personal data of a person from other persons, organizations or companies within the EU. Our messaging service is 100% compliant and therefore "GDPR-perfected". On this page we try to give you a comprehensive overview of all our measures.
We support your compliance
Regardless of whether you are a cloud or server customer, we are always available to support you in the compliant use of our service. Be it the configuration of your Grape installation, the setup of data exports, the correct administration of the chat organization and the users or the deletion of former users.
GDPR & Grape Cloud Service
When you use Grape Cloud, your data is stored in our server data centers. We are the data processor and you are the data controller within the meaning of the EU data protection directive.
GDPR & Grape On-Premise
When you use Grape On-Premises, it means that our messaging service runs on our customers' servers. In this case we are a data processor and not a data controller. Customers receive a license for the software and are therefore responsible to the GDPR.
Fulfillment of the contract
Our customers can use a data processing
Request an agreement to contractually ensure proper processing.
Request data processing agreement
To our privacy terms
Organizations, the instance of your company in Grape, including all users and data, can be completely deleted. This function is available to the organization creator. To delete them you will need to enter your password. If two-factor authentication is activated, you will receive an email with a confirmation link. After completion, the organization will be completely deleted from our database.
If your company is on a backup copy (which was made before deletion), the corresponding organization ID is stored in a separate log. If the backup is restored, Grape will manually destroy your organization's backup.
The organization creator has the authorization to export all data for the entire organization. To protect private conversations, the creator can only export chat content to which he has access. Private messages or chat content from other users' private groups are not exported. When exporting, a private ZIP file is generated that can be downloaded.
Manual deactivation of individual users is possible at any time. If you manage users through systems such as Active Directory or provide a login through SSO, deleted users can be automatically deactivated through Grape.
Additional functions of the on-premises solution
Information to be provided if personal data are collected from the data subject (Art. 13) and records of processing activities (Art. 30)
- Corporate customers receive a detailed table that shows which data is stored in which locations, including the storage time
- Another table indicates when information must be passed on to third parties
- Technical information such as ports and host names are documented here.
Right to rectification (Art 16)
- Information such as names or e-mail addresses can be received directly from identity providers such as Active Directory and are synchronized regularly. If something is changed through an identity provider, no further changes are required.
- Users can change the Grape-specific data themselves at any time if necessary.
- If it is not possible to change data in Grape, the server versions of Grape allow changes in a separate administration area.
- A database administrator can modify or delete messages from Grape as needed
Right to deletion ('right to be forgotten') (ART 17)
- Entry level:Grape Enterprise Admins can delete groups, integrations and memberships via a separate administration area.
- Message level:A database administrator can overwrite or delete messages if necessary.
Records of processing activities (Art. 30 GDPR and Chapter 5)
- 2-factor SMS authentication: SMS gateway can be changed as required (standard SMS gateway provider: IXOLIT GmbH, Mariahilfer Straße 77-79, 1060 Vienna / Austria)
- Processing security (Art. 32 GDPR):More info
- Encryption of internal transactions:We can help you set up reverse proxies and edge servers
- Proxy:All HTTP requests from the
- Limitation of the link preview: You can set up blacklists and whitelists for link previews
- Storage and virus scanners: Uploaded files can be stored on your compatible and virus-scanned media infrastructure
- Backups: Ready-to-use cold and hot backup scripts - Learn more
- VM backup: Alternatively, if Grape is running in a VM, you can store the entire VM through hypervisor
- Monitoring: We offer ready-made monitoring scripts for corporate customers
- Logging: Log all administrative actions for better compliance
Grape Server Administration (Art. 25 GDPR)
- Custom session cookie age: The time in seconds after which a cookie will automatically expire. Standard: 86400 (1 day)
- Time between full AD resynchronizations in minutes: The time to wait between full user / group synchronizations when using Active Directory. Setting this value low will affect performance. It is recommended that you keep the default setting and manually resume synchronization if necessary. Standard: 1440 (1 day)
- Apollogasse 4/7
1070 Vienna, AT
- +43 680 2205255Mon - Fri 9am - 5pm (CEST)
The latest Grape News - in your inbox every month.
- What is a taboo for you
- Is the online education services industry useful
- Which machine gun is the lightest
- What is a tragedy of the black hole
- Why are Americans so obsessed with ethnicity?
- How do you deal with our diabetes epidemic
- What is a good affordable vacuum cleaner
- Neurons can form a brain tumor
- Nigerians are black
- You can legally own property on Mars
- What is Star Wars The Mandalorian about
- Which Indonesian word has no English equivalent?
- Do you like to live in London?
- Why should someone be racist
- Why are farmers important
- Who will benefit when the UK leaves the EU?
- How many cars are there in AU
- How important is sex in life 1
- Caffeine is good for me
- How Survey Websites Make Money
- How do I find a good CPA
- Children still give each other nicknames
- Eats a lot of mints badly
- What is the best store-bought biscuit