What do you do about General Data Protection Regulation (GDPR)?

Algolia is in full GDPR compliance. We have adjusted our Terms of Service to reflect this.

Privacy and security are critical to everything we do.

Security Status

  • Security audit (SOC2 Type 2) - Done
  • Mapping of security & privacy measures (CAIQ) - Done
  • Data store mapping - Done
  • Establishment of DPO - Done
  • Data Processing Addendum (DPA) - Done
  • Storage of customer’s DPO and security contacts - Done
  • Terms of Service with GDPR provisions - Done
  • Notification of customers about changes in conditions and DPA - Done

To discuss more details about GDPR, you can contact us at gdpr@algolia.com.

Common Questions & Answers

Is my service going to change because of GDPR?
No, nothing changes in the scope of provided services.

Do you have GDPR-compliant Terms of Service already?
Yes, we posted our revised Terms of Service on April 25, 2018. Please see link

Will you send us a Data Processing Addendum?
You can find our Data Processing Addendum (DPA) here. If you are a customer or represent a customer established in the EU, EEA or Switzerland, please sign the DPA on pages 11, 20, 22, 23 and return to privacy@algolia.com.

Will I be able to use Algolia in all regions around the world?
Yes, Algolia complies with GDPR when providing its services all around the world.

What security measures do you have in place?
You can take a look at our CAIQ 3.0.1 report for the Cloud Security Alliance, where we declare the state of our security measures. Algolia is also a SOC2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements.

What do you use personal data for?
We only use personal data in accordance with the Agreement, your instructions and to provide the Services. We value your privacy, and we’ll do everything we can to protect it.

How long is the data retained?
We retain the data for the duration of your service and after that for a maximum of 90 days.

Can I delete my personal data or that of my end users?
Yes. Find out how to delete your personal data or how to delete your users’ data.

Where can I enter details about my Data Privacy Officer (DPO), and other such contact information?
Our Dashboard has a page devoted to data privacy contact information, such as the name, email, and phone of the Data Privacy Officer (DPO), EU Representative, and Security contact. See our Data Privacy Contact FAQ.

Are you processing data outside of the EU?
Algolia, Inc. is a USA-based company with subsidiaries in France and the UK, operating our services globally in more than 15 regions. Your data primarily stays in the regions where you decide it should reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security.

Are there free usage units so that you can violate my privacy?
No! The units are free because we like to support our (developer) community. There are no hidden intentions. We comply with GDPR with all our plans.

Can I discuss more details about GDPR and how you’re approaching it?
Definitely! We like GDPR and like to discuss it. Contact us at gdpr@algolia.com.
