Legal

CircleCI is committed to complying with the European Union General Data Protection Regulation (GDPR). The GDPR defines how companies use personal information collected on any European resident. This affects how CircleCI collects information on its users, how its customers transfer personal information to CircleCI during the normal course of business, and how CircleCI transfers that personal information to its trusted third-party partners. In short, it affects everyone.

CircleCI has always taken privacy seriously. As part of its GDPR compliance work, CircleCI now has the following:

• An updated Privacy Policy at https://circleci.com/privacy/.
• A public list of subprocessors at https://circleci.com/legal/subprocessors/.
• A Data Processing Addendum (DPA) for customers who need one signed for their own compliance paperwork.

CircleCI’s new Privacy Policy is written to bring our data transferring standards in line with Privacy Shield, which is a certification granted by the U.S. Department of Commerce. European and U.S. authorities established Privacy Shield as a legal mechanism that guarantees participating American companies meet Europe’s stricter standard for how data is transferred outside Europe. CircleCI is EU-U.S. and Swiss-U.S. Privacy Shield certified. View all Privacy Shield certified companies.

Please email privacy@circleci.com with questions.