The Cheddar team has been hard at work getting ready for the European Union’s new data protection laws. As a company that you trust with billing and the sensitive data that entails, Cheddar has always taken data protection and access very seriously.
Many of the features required by the GDPR have been built into our platform since the beginning, and we’ve maintained PCI compliant security measures and sub-processors for several years. However, the GDPR did provide us with an opportunity to make some improvements and add some clarity to how we process data.
The new policies include:
Changes to our internal procedures include:
We’ve also developed a Data Processing Agreement that our users can sign with us. This isn’t a requirement for all of our users, but if you need a DPA, please contact us at email@example.com.
According to the GDPR, our users would be considered data controllers, while Cheddar is your data processor. Depending on your implementation, you might also be using some add-on features that involve additional processors and sub-processors. We’d like to clear up the difference between built-in Cheddar features and external processors outside of Cheddar, so you know who to contact if you need help with GDPR compliance issues.
Payment Processors: Cheddar has multiple payment processor/gateway options:
Email Notifications: You can choose to enable customer communications in your Cheddar dashboard.
Webhooks: You can use a custom hook listener or one of our third party integrations (Zapier, Campaign Monitor, or Campfire). In all cases, these are handled like external providers: you manage these relationships and choose where that data is sent.
Hosted Pages: Hosted payment pages are provided by Cheddar and the data your customers provide goes directly to the Cheddar platform. There are no additional sub-processors involved.
We have features built in to Cheddar’s core service that will help you control and access your customers’ data:
(For more information about the API calls, see our docs)
These features apply to the data stored in Cheddar’s core platform. However, if you use any of the optional add-ons mentioned above, there might be some extra steps to fulfill a GDPR-related data request. Just shoot us an email at firstname.lastname@example.org, and we’ll be glad to help!
If you’d like to exercise your rights under the GDPR and make a request concerning your data in Cheddar, we take care of that too. We actually use Cheddar for billing and managing our users (Cheddar-ception), so we have all the tools we need at our disposal. Reach out to us at email@example.com to make a request.
We’ve made these changes according to existing guidance and best practices for GDPR compliance, but this situation will continue to develop as the law is put into practice. We’ll be on the lookout for new developments! Going forward, we’ll continue to update our platform to offer the most up-to-date standards for control, access, and transparency about the data you share with us. This might mean more emails from us in the future, but don’t worry, we’ll make sure we have your consent first.
If you have any questions about compliance, don’t hesitate to contact us at firstname.lastname@example.org.