Skip to content

GDPR

Oneflow consistently prioritizes data protection across all departments of the organization. We are dedicated to fulfilling the requirements associated with data protection in the services we provide for our customers.

Oneflow conducts processing of personal data for its customers which means that Oneflow acts as a data processor in relation to the customers (data controllers).

For more information on our data protection obligations when processing personal data on behalf of our customers, click here to read our Terms of Use & Data Processing Agreement.

For information on how we process personal data in our role as data controller, click here to read our Privacy Notice.

Oneflow and GDPR

In our work with the GDPR, we make sure to have Data Processing Agreements in place, keep ourselves updated on the legal requirements relating to the GDPR and data protection, and of course that we as a company have adjusted our business operations to comply with relevant privacy legislation such as NIS2, the GDPR, UK GDPR and CCPA.

Amongst other things, Oneflow has implemented technical and organizational measures to protect all personal data processed by Oneflow from disclosure, removal, or modification.

Implementing appropriate security measures is important to us and a significant part of our business includes keeping up to date with information security standards and legislation. We have proactive measures in place through e.g. encryption, backup and impact assessments. Read more in the Oneflow Security center.

Oneflow is ISO27001, ISO9001 and ISO14001 certified. Read more about our certifications here.

Sub-processors

Secure storage and processing of data is of utmost importance to us. Oneflow’s services are hosted on Amazon Web Services (AWS), which stores the data in compliance with the regulations within the European Union. AWS’ safety work complies with the industry standard and CISPE. You can find more information regarding AWS through the links provided below.

Service and supplierData categoriesOptionalHQData centersSafeguard(s) for transfer of dataReference
AWS (Amazon Web Services, Inc.)
Primary cloud services provider.
The categories processed will depend on your selected use of the service as described in applicable DPA.NoUSEU (Ireland, Sweden)DPA,
AWS SCC
Compliance
GDPR center
Sub-processors
Pusher (MessageBird B.V.)
Real-time communications.
IP-addresses of your employees.NoEU (Netherlands)EU (Ireland)DPASecurity center
GDPR center
46elks (46 Elks AB)
SMS services provider.
Phone numbers of your employees and counterparties.YesEU (Sweden)EU (Sweden)DPAData Protection Policy
Freshdesk (Freshworks Inc.)
Service to manage support inquiries.
IP-addresses, names and email addresses of your employees.YesUSEU (Germany)DPASecurity center
GDPR center
Postmark (ActiveCampaign, LLC)
Transactional email service.
Used to send and receive all emails for the service, and as such it processes names and email addresses for all participants in the system.YesUSUSFor EU: SCC (2021)
For the UK: SCC (2010)

Postmark SCC
Security center
Privacy statement
Customer.io (Peaberry Software, Inc.)
Onboarding e-mails and flows.
Names and email addresses of your employees.YesUSEUFor EU: SCC (2021)
For the UK: SCC (2010)

Customer.io SCC
Security center
Privacy statement
Legly (Legly AB)
AI Services to review contractual data
The categories processed will depend on your selected use of the service.YesEU (Sweden)EU (Germany)DPAPrivacy Statement
OpenAI (OpenAI, Inc.)
AI Services to extract data
The categories processed will depend on your selected used of the service.YesUSUSDPATerms of Use

You can opt-in/out from the services listed as optional above as an administrator in your Oneflow account under “Data Management” or in the Marketplace.

Additional information for customers using Postmark

Oneflow uses Postmark for sending secure emails to our customers and their customers. For regulatory and compliance reasons Postmark is required to store the email subject and recipient email address for 45 days before being automatically deleted. This information is then stored in Postmarks sub-processors. The email content itself is not stored anywhere but simply processed through Postmark before being delivered to the recipient. The email content is not processed by Postmarks sub-processors. All data sent to postmark is encrypted in transit, and subject and email addresses are encrypted at rest. We are continuously working with Postmark on improving the security and minimizing the data sent and stored in the US.

More information on Postmarks data security here.

More information on Postmarks Privacy and GDPR efforts including Postmarks own sub-processors can be found here.

Privacy overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly necessary cookies

Strictly necessary cookies are enabled to save your preferences for cookie settings and other important core functionality. You may disable these by changing your browser settings, but this may affect how the website functions. To change your preferences at any time, click on the “Change cookie settings” icon in the lower left corner to access this page.

Marketing cookies

Cookies set by third party services or by us to track performance metrics, usage and marketing analytics to help us to personalize content and ads which improves your experience visiting Oneflow. We also share information about your use of our site with our analytics and advertising partners.

Show details