Skip to content.
woman on computer

Your Data is Safe with Us

We know you take data privacy seriously – and so do we.

Wherever your data is hosted, NAVEX governance, risk and compliance (GRC) software meets global data privacy requirements – protecting your data, privacy and peace of mind.

Contact us with any questions
image of EU flag with padlock

The EU and UK GDPR

If your data is hosted in the US, your data is held in compliance with the requirements of the EU General Data Protection Regulation (GDPR). If your data is hosted in the EU, your data is safely stored and protected in Frankfurt, Germany, and backed up in Amsterdam, the Netherlands, also in full compliance with the GDPR. 

Get further hosting details here.

The reasoning for this is:

  1. The affected data collection practices involve the collection of communications data, which applies almost exclusively to large email and social media organizations.

  2. Other organizations come into scope as they may be considered a security risk under U.S. law. NAVEX also doesn’t fall into this category.

  3. NAVEX is classified as a U.S. person under U.S. law. In the unlikely event of NAVEX coming into the scope of the ruling, the U.S. government is prevented from targeting the communications of NAVEX (and its third parties) without very specific and strict procedures to follow. These extra protections from the U.S. person classification would not apply to organizations that aren’t classified as a U.S. person – including those based in the EU.

For extra coverage, NAVEX also uses supplementary measures recommended by the EDP on top of using the latest Standard Contractual Clauses (SCCs).  

*This is the reasonable opinion of NAVEX following the counsel of internal and external legal experts. For more technical details, customers can reach out to our data privacy team for additional info.

image of binary code as flooring with miniature people walking on it

No stone left unturned

Our customers trust our security standards. We put in the work to earn that trust. 

Consistent monthly web application scans, weekly internal network scans and daily external network scans for systems and applications keep your data safe.  

Third-party independent experts also PEN test all our web applications and infrastructure every year – because there are always ways to improve and our experts are always alert.

image of laptop with code coming out of the screen

Delicate data handled delicately

Limiting access to your data naturally means a tighter standard of privacy and protection.  

As well as our built-in software security and certifications, we limit access to customer data in several other ways: 

  • Service delivery – we only process customer data to provide the services agreed upon. 
  • Our authorization – we follow the principal of least privilege, providing our employees with the minimum level of access they need to provide your services.  
  • Partner advocacy – we ensure our sub-processors understand, respect and enact the same level of confidentiality as we do at all times. 
  • Password protection – we protect all employee access to backend systems with multifactor authentication and stringent password requirements – as everyone should.

We also ensure all our employees undergo regular cybersecurity, data and personal privacy training to keep their awareness and knowledge up to date.

Have more questions about our data privacy processes and policies?

Just reach out to our dedicated Privacy Team at