Frontegg ensures your data is safe

image description image description image description


Frontegg is committed to protect individuals’ right to data protection and privacy.

Frontegg is a global organization operating in the context of various data protection and information security frameworks. We are directly bound by provisions of Israel Protection of Privacy and Data Security Regulations and our clients are subject to EU General Data Protection Regulation and other national data protection laws. We support our clients in compliance with California Consumer Privacy Act of 2018, GDPR and other national legislation by implementing requirements of these legal frameworks in our products and operations.

In relationships with clients, Frontegg usually acts as a data processor for any personal data clients provide to us (e.g. user data in hosted products). If you are using our products, you are a controller of data stored within these products.

  • General Data Protection Regulation (GDPR)

    Frontegg is supporting customers in achieving compliance with the GDPR. Among others, we offer our clients a Data Processing Addendum (DPA) to comply with article 28 of the GDPR.

  • Frontegg subprocessors

    Frontegg is using only service providers that guarantee a high level of data protection and security.
    Frontegg signs DPAs (data processing agreements) with all third-party providers processing data on our behalf. These agreements mirror the terms of Frontegg’s customer-facing data protection agreement and, if necessary, include the standard contractual clauses (SCCs).

  • International Transfers

    EU customers’ data are always held on servers located in the European Union. Israel is the only non-EEA country that may be a destination of our data transfers due to the fact that Frontegg is based there. Israel is considered a country with adequate data protection standards (Commission Decision of 31 January 2011).

  • Support in handling data protection rights requests

    Frontegg products have built-in support for handling GDPR requests like data erasure request, data rectification request and data access request. We are committed to provide support to our customers in case of other data protection related requests.

  • Privacy by Design

    We take into account privacy requirements at all stages of our products’ development. We are continuously improving our practices and development standards to meet GDPR requirements of Privacy by Design.