16 May 2018

What do you do about General Data Protection Regulation (GDPR)?

Privacy and security are critical to everything we do. Algolia is actively working towards full GDPR compliance ahead of May 25, 2018. We’re making very good progress and we’ll reach out soon to you with our updated Terms of Service as well as Data Processing Addendum to amend our contracts.

To discuss more details about GDPR, you can contact us at gdpr@algolia.com.

Status / Roadmap

  • Security audit (SOC2 Type 2) - Done
  • Mapping of security & privacy measures - Done CAIQ
  • Data store mapping - Done
  • Establishment of DPO - Done
  • Data Processing Addendum (DPA) - Done
  • Storage of customer’s DPO and security contacts - Done
  • Terms of Service with GDPR provisions - Done
  • Notification of customers about changes in conditions and DPA - Done

Common Questions & Answers

Is Algolia going to be compliant?
Absolutely yes! We’re big supporters of GDPR.

Is my service going to change?
No, nothing changes in the scope of provided services.

Do you have GDPR compliance Terms of Service already?
Yes, our revised Terms of Service were posted on April 25, 2018. Please see link

Will you send us a Data Processing Addendum?
You will find our Data Processing Addendum (DPA) here. If you are a customer or represent a custom established in the EU, EEA or Switzerland, please sign the DPA on pages 11, 20, 22, 23 and return to privacy@algolia.com.

Will I be able to use Algolia in all regions around the world?
Yes, Algolia is subject to GDPR and will comply with GDPR when providing its services around the world.

What security measures do you have in place?
You can take a look at our CAIQ 3.0.1 report for the Cloud Security Alliance where we declare state of our security measures. Algolia is also SOC2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements.

What do you use personal data for?
We only use personal data in accordance with the Agreement, your instructions and to provide the Services. We value your privacy and we’ll do everything we can to protect it.

How long is the data retained?
The data is retained for the duration of your service and after that for a maximum of 90 days.

Are you processing data outside of EU?
Algolia, Inc. is a USA based company with subsidiaries in France and UK operating our services globally in more than 15 regions. Your data primarily stays in regions where you decide your data to reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security.

The Community/Free plan is free…is it free so that you can violate my privacy?
No! The Community/Free plan is free because we like to support our developer community. There are no hidden intentions. We comply with GDPR with respect to our Community/Free plans as well

Can I discuss more details about GDPR and how you’re approaching it?
Definitely! We like GDPR and like to discuss it. Contact us at gdpr@algolia.com