Tribeify GDPR

Tribeify and the General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) replaces the Data
Protection Directive 95/46/EC to safeguard European Union data subjects’
basic right to privacy and therefore the protection of private data. The
regulation was designed to harmonize data privacy laws throughout
Europe, to safeguard and empower all EU citizens privacy and to reshape
the means by which organizations across the region approach data
This regulation introduces robust requirements which will raise
standards for data protection, security, and compliance. Enforcement Date:
May 25, 2018

Our Commitment

As your partner, Tribeify wants to help you make your GDPR compliance process as seamless as possible and accelerate your efforts. Our
commitment to protecting customer data makes it essential for us to comply with all the GDPR requirements. We provide companies who do
business with us with transparency and control of their customer data so that compliance with regulations like the General Data Protection
Regulation is straightforward.

Our Work

We strive to ensure the security and privacy of the data we process and store. The procedures we follow are described here in this section. It
provides information about the steps we take to secure data and ensure compliance with security and privacy regulations.

Personally Identifiable Information

As a data processor, Tribeify assembles, retains, and processes the specialty retail and direct-to-consumer client data. We employ the information in hand to avail safe and secure access to our services. With a dedicated team of engineers, state-of-the-art technology, and automated systems, we ensure complete data protection of all the information we hold. Tribeify as a controller also collects, retains, and processes data of leads, and customers.

Security and Compliance

Our information systems and infrastructure are hosted within Google Cloud services.

Security Policies

Our information security policies are regularly updated to ensure the privacy of our users’ database. The CTO and employees responsible for information security policies they need to develop to ensure data security.  

Dedicated Security Personnel

Tribeify has a dedicated security team, which focuses on applications, networks, and system security. This team is also responsible for security compliance, education and incident response.

Access Control

Tribeify’s database can only be accessed via a Virtual Private Network or an SSH query, and requires multi-factor authentication. We have a strong password policy, which involves complexity, expiration, and lockout. Tribeify grants access to the information on as-needed basis and review the permission quarterly. After the termination of an employee, the system access is revoked within 24 hours.


Tribeify conducts background screening at the time of hiring (to the extent permitted or facilitated by applicable laws and countries). In addition, Tribeify communicates its information security policies to all personnel, requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

Vulnerability Management and Penetration Tests

Tribeify has deployed a documented vulnerability management program, which includes periodic scans, remediation of security vulnerabilities on workstations, network equipment, servers, applications as well as identification. We use Google Cloud Services to scan all networks including test and production environments. The critical patches are fixed on priority and other patches are fixed as required. We regularly conduct internal and external penetration tests to ensure our system is void of any vulnerability.


Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually. Development, testing, and production environments are separated. All changes are peer-reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.


Tribeify encrypts data in transit using GFE is encrypted in transit with Transport Layer Security (TLS) or QUICcryptographic protocols.

Logging and Auditing

All the logs of applications and infrastructure systems are sent to a centrally managed log repository for analysis, security reviews and troubleshooting. In addition, it preserves the information as per the regulatory requirements. This information can be shared with customers in case a security incident occurs, which may, directly or indirectly, impact their data.

Asset Management

Tribeify incorporates an asset management policy, which includes identification, classification, retention, and disposal of information and assets. Devices and systems issues by Tribeify are equipped with best antivirus software and complete hard-disk encryption. The Company-issued devices will be used to access production networks and corporate data.

Information Security Aspects of Business Continuity Management

Tribeify adheres to the complete guidelines and policies to maintain the security incident response including investigation, remediation and public communication. These policies are checked after every six months.

GDPR Compliance

We ensure that all the services and resources we offer are compliant with GDPR requirements of any business associated with us. By engaging with MNP LLP., Tribeify continues to align and work towards GDPR compliance.


Tribeify is subject to the General Data Protection Regulations and other privacy and security frameworks and regulations. Under those regulations, we are required to respond to data subject requests and concerns. To date, Tribeify has not received any relevant requests, concerns or complaints from data subjects, advocacy groups or regulators.


What is GDPR?

Tribeify is subject to the General Data Protection Regulations and other privacy and security frameworks and regulations. Under those regulations, we are required to respond to data subject requests and concerns. To date, Tribeify has not received any relevant requests, concerns or complaints from data subjects, advocacy groups or regulators.

What is regulated by GDPR?

The GDPR will ensure that all businesses, irrespective of their physical presence within the EU, should adhere to the regulations forced by the laws when collecting, storing and transferring the data of EU individuals.

What is personal data?

Personal data, as explained by a GDPR, is a broad term, which covers any information relating to an identified or identifiable data subjects.

What is the difference between a data processor and a data controller?

A controller is defined as an entity that identifies the purpose, conditions, and means of the personal data protection process. A data processor, on the other hand, is a unit that is responsible for processing the personal data in support of the controller.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR doesn’t entail the personal data to remain within the EU, nor does it enforce any restrictions on data outside the EU. Data processing requirements by Tribeify and reference to the European Commission’s model clauses will persist to enable customers to legitimize the transmission of EU personal data outside the physical boundaries of the EU.