Flare and GDPR Compliance: A Quick Guide

At Flare, we take all forms of security seriously, including the protection of your personal data. This includes compliance with the General Data Protection Regulation (GDPR) when processing personal data on behalf of our customers. To learn more, take a look at our Legal Center, specifically the Privacy Policy and Data Processing Addendums

For 16 common questions about GDPR compliance, keep reading below.

Top 16 Questions About Flare and GDPR

1. What are your data rights and control?

Under GDPR, you have certain rights over your personal data, and Flare helps ensure you can exercise them. These rights include:

  • Access: You can ask Flare for details about what personal data they have on you.
  • Correction: If any of your personal data is incorrect, you can request it be fixed.
  • Deletion: You can ask Flare to delete your personal data if it’s no longer needed.
  • Portability: You can request a copy of your personal data in a structured format, like to transfer it to another service.
  • Consent: If Flare is processing your personal data based on your consent, you can withdraw that consent at any time.

Flare aims to respond to your requests within 30 days. If we can’t fulfill a request, we’ll explain why.

2. How does Flare use your data?

Flare collects and processes your personal data for specific purposes to provide cybersecurity services. This includes:

  • Managing your user account (e.g., your email address, team details).
  • Responding to requests, like taking down harmful domains.
  • Providing threat intelligence by searching public and dark web sources.
  • Monitoring identifiers such as email addresses and domain names to detect cybersecurity threats.
  • Processing security incidents and providing support services.

We only use personal data for lawful purposes like fraud prevention and cybersecurity. We also make sure clients, like managed security service providers, use the data only for legitimate reasons.

3. How does Flare protect your data?

To keep your data safe, we use industry-standard encryption, both while your data is being stored and when it’s being transferred. We also perform regular security checks and have strict rules about who can access your personal data, ensuring only authorized people see it. If something goes wrong, Flare has a plan in place to manage security breaches quickly and effectively.

4. Where does Flare store your data?

Flare uses Amazon Web Services (AWS) to host the platform. AWS stores your personal data in the us-east-1 region (North Virginia) and follows strong security standards. Your data is encrypted, but if stored outside of your home country, it may be subject to local laws. Flare will notify you of any legal requests for your personal data unless we’re not allowed to.

5. How long does Flare keep your data?

Flare holds onto your personal data for as long as your account is active. Once your account is no longer in use, your data will be deleted in line with our agreements. You can also request that your data will be deleted when your account is no longer active. In some cases, we may need to keep your data longer if required by law.

6. How does Flare share your data?

Flare shares your data only when necessary to provide its services. This could include service providers, like AWS, for cloud hosting, analytics services and integration partners. Our full list of subprocessors is available via our Legal Center.We may also share data with authorities if legally required to do so, like during investigations to prevent harm.

We will never sell or use your personal data for marketing purposes.

7. What are your GDPR rights?

If you’re in the EU or UK, you can:

  • Be informed about how your data is processed.
  • Access your personal data.
  • Correct any inaccurate data.
  • Request deletion of your personal data.
  • Transfer your data to another provider.
  • Object to how your data is being processed.

We take these rights seriously and ensure compliance with GDPR, making it easy for users to manage their personal data and exercise their privacy rights.

8. What is your responsibility in sharing data with Flare?

Flare’s customers (like businesses using its services) are in charge of the data they share with us. This means:

  • Accuracy & Legality: Customers must ensure the personal data they collect is accurate and lawfully obtained.
  • Consent Management: It’s up to customers to inform Flare if an individual (called a “Data Subject”) withdraws their consent for personal data use.
  • Legal Instructions: Any instructions given to Flare about how to handle data must follow all relevant laws.
Automate Your Threat Exposure Management

Integrate the world’s easiest to use and most comprehensive cybercrime database into your security program in 30 minutes.

In simple terms, while we handle the data, the customer is responsible for making sure the data is collected and used properly.

9. How does Flare process data on your terms?

Flare processes personal data only as needed to provide its services, and always according to the customer’s instructions and our Privacy Policy. This means:

  • No Marketing Use: We don’t use personal data for marketing or sell it to others.
  • Legal Compliance: If a customer’s request might break the law, we will inform you and may refuse to follow such instructions.

10. How does Flare transfer data internationally? 

Sometimes data has to cross borders. We are authorized to transfer data between different countries, but only if those transfers meet GDPR standards. If the data is moved outside of areas like the EU or the UK (places where GDPR applies), we ensure that the necessary legal safeguards are in place.

11. How does Flare address data breaches?

If a data breach happens, we will notify customers as soon as possible. This report will include:

  • What happened (the breach details).
  • How many people and records were affected.
  • What steps we are taking to fix the issue and prevent future problems.

Flare and our customers work together to inform the affected individuals and authorities if necessary.

Details about our incident response processes are available in our Security Addendum

12. How does Flare support individual data rights? 

Under GDPR, individuals have rights over their personal data. For example, they can ask to:

  • See what data is collected about them.
  • Request corrections or deletion of their personal data.

We help our customers respond to these requests by:

  • Promptly notifying customers when such requests are received.
  • Offering tools to allow individuals to download their personal data in a simple, readable format.

13. How does Flare collaborate with customers to meet GDPR requirements?

Flare collaborates with our customers to meet GDPR obligations, especially when:

  • Conducting assessments of how personal data is handled (like privacy impact assessments).
  • Auditing Flare’s data protection practices, ensuring compliance with security standards like SOC II.

14. Does Flare work with subprocessors?

Sometimes, Flare may need to work with third-party companies (called “Subprocessors”) to help process personal data. When we onboard a new subprocessor, we:

  • Carefully check their security measures.
  • Notify customers about the use of these subprocessors and allow objections if necessary.

To request a full list of subprocessors, or to be notified in case of subprocessor modifications, head over to our Legal Center.

15. How does Flare protect personal data?

Flare follows strict security measures to protect personal data, including encryption and regular security audits. Customers also have a role to play in securing their data, such as making sure it’s safe during transfers to and from Flare’s platform.

16. How does Flare adapt to changes in data protection policies?

As data protection laws evolve, we update our data handling practices to stay compliant. Customers will be informed of any significant changes that impact the way personal data is processed.

Flare and GDPR

At Flare, we take protection of personal data seriously. If you have any questions that weren’t addressed in this article, or ever have questions/ concerns about how we handle your personal data, you can reach out to our Privacy Officer for assistance at [email protected].

Share This Article

Related Content