Security, Privacy, and GDPR Compliance


We take security and customer privacy seriously at DataFox, and have built protections into every level of our product and organization.

Our Team

Our engineering leadership helped construct the security and compliance controls for leading enterprise software companies, and have built DataFox from the ground up with those controls in mind. We perform criminal background checks on all potential hires, and employees undergo ongoing security training. We follow the “principle of least privilege” and grant access to sensitive data only as required.


  • All data is encrypted in-flight and at-rest using military-grade encryption
  • Core permissioning system to govern access to your data, both by other users or DataFox employees
  • Industry best-practice hardening of systems
  • Annual third-party penetration tests
  • We are currently undergoing an independent SOC2 security audit to independently validate our controls

Privacy and Confidentiality

  • We will never share your data with other customers, partners or third-parties
  • We are comfortable with highly-regulated industries like finance and government, and our customers include Fortune 500 enterprises
  • We are committed to complying with GDPR and any future privacy regulations


  • 99.5% uptime SLA
  • 24/7/365 on-call
  • We are deployed redundantly with backups for high availability and disaster-resilience

Where Can I Report an Issue?

Please send all inquiries and questions to

How DataFox is Complying with GDPR

At DataFox we take security and privacy seriously, and welcome GDPR protections. Our compliance is built on two pillars:

First, we collect data on companies rather than individuals, and so do not store or process personal information. This means we do not store “personally identifiable information” (PII) as part of our integrations, and do not pose a compliance risk of transferring PII into your system that violates GDPR protections.

Second, we have built security and privacy into the core of our platform. Our engineers and leadership come from enterprise software companies, and our customers work in highly-regulated industries like finance and government. We follow industry security best practices to protect your data, including military-grade encryption in-flight and at-rest. We have built a core permissioning system to control who can access your data, whether they are fellow users or internal employees. We are currently undergoing an independent SOC2 audit to publicly validate these controls.

Updated Privacy Policy

Furthermore, to comply with GDPR requirements, we are updating our privacy policy to reflect the new privacy protections.

Data Processing Agreements

GDPR requires that all processors and sub-processors of personal data also be compliant with privacy protections, so we are putting in place data processing agreements with our vendors.

We also have created a GDPR-compliant data processing agreement for our customers, so please contact your customer success manager or email to request a version to sign.


GDPR compliance can be intimidating and we’re here to help. Please send any general questions to and send security questions to