Front is compliant with GDPR

Front has the operational, product, and policy frameworks in place to be compliant with the General Data Protection Regulation (GDPR). This article summarizes the initiatives we completed to achieve GDPR compliance.

Last updated: December 18, 2020

Policy Updates & Certifications

Terms of Service

We updated Front's Terms of Service on June 19, 2020 to include a new Data Processing Addendum with the Model Clauses required by the GDPR.

Privacy Policy

We updated Front's Privacy Policy on January 1, 2020 to share the specific details of personal data we collect and how we use it. This policy is publicly available on our website.

Cookie Policy

Included in Front's Privacy Policy is a cookie policy that explains how we use cookies on our website. We display a banner on Front webpages asking users to accept the cookies being used.

Privacy Shield

We maintain Front's E.U.-U.S. and Swiss-U.S. Privacy Shield certifications that ensure adequate safeguards are in place for international data transfers.

Product Updates

Data Usage

We've completed a comprehensive data audit to ensure we only collect data critical to business needs and will review our retained data regularly. We’ve also streamlined how we use personal data throughout our infrastructure to limit usage of data to only the necessary applications that allow us to operate our service. 

Data Collection

We only collect website visitor data when a visitor to a Front website has given their explicit acceptance in the cookie banner. 

Data Access, Portability, and Deletion

We have processes in the app and through our Support team that allow customers to request that their data be corrected, exported, or deleted. Here's how you can take action on your Front data:

• Messages and conversations: Permanently delete a single message by clicking on the 3-dots menu, or delete an entire conversation from Trash. 
• Contacts: First, permanently delete all conversations related to the contact, then delete the contact. It will be permanently deleted if it has no related conversations left.
• Teammates: When you delete a teammate in Settings, their private data is saved. Ask our support team to permanently delete their private inbox, contacts, and conversations.
• All data in your team’s account: If you’re sure you’re done using Front, ask our support team to permanently delete your team’s account data. You can also request an export of all the data in your Front account at any time.

Operational Updates

SOC 2, Risk Assessment, & Security Penetration Testing

In 2020, we have completed both a SOC 2 Type 1 and Type 2 audit. We've also completed our annual risk assessment during Q2 2020. Lastly, we have completed our annual security penetration test with a third party firm during Q3 2020. 

Security & Incident Response Training

All Front employees attend trainings on our responsibility regarding security, availability, processing integrity, or confidentiality activities. Additionally, the Front team is trained on appropriate incident response procedures in the case of a data breach.

If you have any questions, please don't hesitate to contact us.