Policies and Procedures

General Data Protection Regulation (GDPR)

Last updated: 5 May 2022

What is GDPR?

General Data Protection Regulation (GDPR) 2016/679 is a ground-breaking privacy and security law targeting organisations that collect people’s data within the European Economic Area (EEA). At its core, GDPR brings sweeping personal data protection principles and demands accountability from businesses offering services within the EU. It mandates respect for fundamental privacy rights and consent for any personal data to be collected. GDPR is a win for digital privacy.


Is Calibre GDPR compliant?

At Calibre, we believe data privacy is essential, so we implement strategies beyond GDPR compliance to ensure your data is safe. We believe in collecting the minimum amount of data, not only out of respect for privacy but also to reduce possible risks.

Since GDPR came into effect on May 25, 2018, Calibre is compliant with the regulation. Here’s what we do:

  • We work with GDPR principles in mind: how can we protect visitor and customer data and always take actions with their consent rather than assuming it? (e.g. we don’t auto-subscribe anyone to our newsletters).
  • We have a lawful reason to process your data.
  • We constantly re-evaluate our security practices and make efforts to secure your data further. Where possible, we only store the absolute minimum of data for a short amount of time.
  • We have a Data Protection Officer and sign Data Processing Agreements (DPA) with our sub-processors.
  • We are clear about how your data is collected and used. We make it easy to obtain it and permanently delete it.

Cookie Consent

We prompt anyone visiting the Calibre website to accept or reject cookies used for analytics purposes. If you decline, we will store no analytics data except for remembering your choice not to be tracked across Calibre’s website and application.


Our Data Processing Agreement (DPA)

A Data Processing Agreement (DPA) is a crucial ingredient of GDPR compliance. Alongside our Privacy Policy and Terms of Service, it regulates technical requirements for processing the data (storage, protection, access, and usage).

Contact us at privacy@calibreapp.com to request an executable Data Processing Agreement. As a small team, we cannot make changes to the standard DPA and cannot agree to sign customers’ DPA.


List of Sub-processors

We only send your data to trusted third parties when it’s essential to provide core Calibre services. Here’s a list of sub-processors we currently use:

Sub-processorNature of processingLocation of sub-processor
Amazon Web ServicesInfrastructure hostingUSA
BugsnagError monitoringUSA
GoogleData analyticsUSA
GoogleGoogle Auth SSOUSA
HCaptchaSpam preventionUSA
HerokuApplication hostingUSA
IntercomCustomer supportUSA
MailChimpEmail newsletter deliveryUSA
NotionDocumentation & planningUSA
PapertrailLog managementUSA
PostmarkApplication email deliveryUSA
SlackTeam communicationUSA
StripePayment processingUSA
XeroAccountingNew Zealand

We’re here for you

If you have any questions regarding GDPR compliance at Calibre, we’re here to help. Contact us at privacy@calibreapp.com.