airSlate and GDPR

airSlate’s goal is to enable our customers to automate their business workflows while processing the data of EU data residents in a GDPR compliant way.
Schedule demo
What is GDPR?

GDPR went live on May 25th, 2018. It became known as a global standard in protecting the privacy rights of individuals when it comes to handling the personally identifying information of EU residents.

The General Data Protection Regulation (GDPR) applies to both organizations operating within the European Union and organizations that offer goods or services to customers or businesses in the EU. The Regulation provides a single set of rules for protecting the personal data of all EU residents and visitors. In replacing the 1995 Data Protection Directive and increasing the bar on data protections in the EU, the GDPR’s primary objectives are to:

  • Establish personal data protection as a fundamental human right, including the individual’s right to access, correct, erase, or port their own personal data.
  • Strengthen the baseline requirements and responsibilities for ensuring personal data protection.
  • Provide a standardized application for data protection rules across the EU, thereby facilitating the legitimate flow of personal data within and beyond the EU and European Economic Area (EEA).

The GDPR lays out seven key principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
What are the steps airSlate is taking to be GDPR compliant?

airSlate is a global organization that processes data on behalf of customers from around the world, including the EU. airSlate’s primary site for data hosting is located in the USA. However, some of our products may offer alternative hosting options. To inquire about using alternative hosting locations, please contact our team at

Data protection commitment

The airSlate team is dedicated to protecting the data that we process on behalf of our customers. We do not sell any personal data of our customers.

Our existing certifications and long-standing commitment to privacy frameworks have prepared us for complying with GDPR in a number of ways, including but not limited to:

  • Heavy continuous investments into a strong security infrastructure and relevant security certifications
  • A Dedicated Security Team
  • Minimizing data collection and ongoing reviews and limitations of data access inside an organization
  • Careful vetting of suppliers, subprocessors, and partners
  • Keeping a close eye on changes in GDPR and other international standards for privacy and data protection
  • Staying up-to-date with relevant contractual terms
  • Continuous assessment of data breach risks and best practices for managing them
Contractual Obligations

GDPR restricts the transfer of data outside the EU. Pursuant to GDPR, our Terms of Service cover transfers of data outside of the EU and specifically incorporate customer consent for such transfers. Our Terms of Service incorporates our Privacy Policy, which explains what kind of data airSlate collects and how we use it. Our Privacy Policy also provides the contact information of our privacy officer. Furthermore, our Privacy Policy incorporates our Data Processing Addendum, which incorporates GDPR’s Standard Contractual Clauses ("SCC") and describes the technical measures that we implemented in compliance with the Regulation.

Customer rights

Additionally, we are prepared to address any requests made by our customers related to their expanded individual rights under the GDPR:

  • Right to be informed: Our Terms of Service and Privacy Policy describe the kinds of data we collect, process, and store. You are encouraged to read and agree to the Terms of Service and Privacy Policy before signing up for airSlate.
  • Right to access: Our Privacy Policy describes what data we collect and how we use it. If you have specific questions about particular data, you can contact us at for further information.
  • Right to rectification: You may access and update your airSlate account settings at any time to correct or complete your account information. You may also contact airSlate at any time to access, correct, amend, or delete information that we store about you.
  • Right to be forgotten: You may terminate your airSlate account at any time and we will permanently delete your account and all data associated with it.
  • Right to restriction of processing: You may restrict or pause data processing by contacting us to submit your request.
  • Right to data portability: We offer users the ability to export their personal data to a third party.
  • Right to object: You may opt-out of your personal data processing for marketing, communication, and research purposes.
  • Right to avoid automated decision-making: airSlate respects user’s rights to not be subject to automated decision-making.

Ready to get started?

Contact us to learn how airSlate can benefit your organization.
Talk to Sales