Internationalize your app and multiply your user reach easily. Sign up now

OneSky Logo Blog

Insights on international expansion

How we’re preparing for GDPR

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.

To whom does GDPR apply?

The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

To what implications does GDPR have for organizations processing the personal data of EU citizens?

One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely.

Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.

At OneSky, we value your privacy. We’re committed to keeping the information you provide to us secure and confidential. With that in mind, we’ve made some updates to our Terms of Services and Privacy Policy to comply with the new requirements under the EU General Data Protection Regulation (GDPR) coming into effect on May 25, 2018.

What data we are collecting from you?

  • Identity information
  • Contact information
  • Profile information
  • Feedback and correspondence
  • Financial information
  • Transaction information
  • Usage information
  • Marketing information

Check out OneSky Privacy Policy for more details.

How we use your personal data?

General Uses

(a) operate, maintain, administer and improve the services;
(b) process payments you make through the services, and send you related information, including purchase confirmations and invoices;
(c) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
(e) respond to your service-related requests, questions and feedback;
(f) monitor and analyze trends, usage, and activities in connection with our website, services and for marketing or advertising purposes;
(i) personalize our website and services, including by providing features or advertisements that match your interests and preferences; and
(j) for other purposes for which we obtain your consent.

Check out OneSky Privacy Policy for more details.

Your Rights

You may be entitled to:

  • opt out from processing of your personal Information for direct marketing purposes;
  • request information regarding the processing of your personal Information, including to be provided with a copy of your personal data;
  • request the correction and/or deletion of your personal Information, or object to the processing of your personal Information;
  • request the restriction of the processing of your personal Information;
  • request receipts or transmission to another organization, in a machine-readable form, of the personal Information that you have provided to us; and
  • complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered as a result of unlawful processing of your personal Information.


The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Check out Security Page for more details.

List of Data Subprocessors

Welcome to OneSky’s Subprocessor repository page where we maintain a current list of Subprocessors authorized to process customer data for OneSky’s services. OneSky imposes data protection terms with each Subprocessor regarding their security controls and applicable regulations for the protection of personal data.

Entity Name Entity Location
Amazon Web Services, Inc. USA
Logentries USA
SendGrid, Inc. USA
Zendesk USA
Heap, Inc. USA
Intercom, Inc. USA
Firebase USA
ObjectLabs Corporation USA
ChartMogul Ltd United Kingdom
Xero Limited. New Zealand
HubSpot, Inc. USA

What OneSky has prepared for GDPR?

  • 1. Updated our Terms of Services and Privacy Policy to simplify the language around our data policies to make it clearer and more understandable
  • 2. Coordinate with our partners
  • All vendors are required to sign an EU Data Protection Agreement prior to working with us. This document addresses common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of the Personal Data with respect to the vendor’s Personal Data. Any vendor has the right to terminate its working relationship with us and request the deletion of Personal Data pertaining to them.

  • 3. Educate OneSky employees
  • Our team is educated on changes related to GDPR and other data handling practices so all employees understand our security standards and commitment to privacy for our users.

  • 4. Take security measures
  • We take a holistic, risk-based approach to security. This means the platform secures your data in transit and at rest, restricts and secures data access, and provides continuous incident monitoring.

  • 5. Prepare Data Processing Agreements (DPAs)
  • Any third-party service providers that are utilized by us will only be given access to Your Account and Service Data as is reasonably necessary to provide the Service and will be subject to their implementing and maintaining compliance with appropriate technical and organizational security measures. Check out OneSky Data Sub-processor list for more information.

    Our Data Processing Agreements have been updated. For more information on how customers can enter into it, contact OneSky at

  • 6. Certify for International Data Transfers
  • Transfers of personal data outside the European Economic Area (EEA) are permitted as long as certain safeguards apply. Our customer DPA contains the EU Model Clauses, which are industry standard for data safety. This means that we agree to protect any data originating from the EEA in line with European data protection standards.

  • 7. Prompt breach notifications
  • In line with our current policies, we will promptly inform you of any incidents involving your users’ personal data.

    We look forward to continuing to build on our commitment to data security and privacy. If you have any questions about how GDPR affects you as a customer, our support team is happy to help.