Breeze and GDPR compliance

Breeze is committed to compliance with the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. To that end, we have reviewed our internal procedures and system and made the necessary changes. The nature of GDPR means that it is a continuous process that needs be monitored and validated.

Infrastructure and data transfer

Protecting your information and your privacy is very important to Breeze. Our infrastructure partners Amazon and Heroku are certified under ISO 27001, SOC 2 and FISMA. The physical infrastructure is hosted and managed within Amazon’s secure data centers in the United States and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Data transfer outside EU is done following the EU-US Data Privacy Framework guidelines.

Breeze as the data processor

The client data you store in Breeze is your data subject and you are considered the data controller for this personal data. Breeze terms of service and privacy policy serve as written data processing contract (GDPR Article 28). Breeze will only process your client data based on your instructions as the data controller.

Breeze as the data controller

Breeze acts as the data controller for the personal data we collect about our web app, mobile apps, and website users. We process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We also process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this involves financial data and information that we need to meet our accountability obligations under the GDPR. Breeze is committed to respecting all your rights under the GDPR as the controller for your personal data.

Data portability solution

Breeze has all the tools to comply with GDPR data portability and management.

  • Data export — you can export your data anytime in HTML and JSON format.
  • User deletion — you can delete your personal profile anytime.

Going forward

We continue to improve our procedures and systems. We'll monitor our GDPR compliance from privacy-related regulatory bodies and will adjust our systems accordingly if need. We'll update this page as necessary and if you have any question then you can reach us at