ExaVault is GDPR Compliant

GDPR is a shared responsibility that we take seriously.

Data Processing Agreement

As a data processor for companies in the EU and UK, we automatically incorporate a Data Processing Agreement to our Terms of Service. The Addendum guarantees our expert knowledge, reliability, resources and security with regards to processing your data.

Standard Contractual Clauses

Our Data Processing Addendum also includes Standard Contractual Clauses, which are a key legal mechanism for non-EU companies to ensure that personal data from the EU is protected during transfer.

Privacy Shield Certified

While we recognize that the GDPR landscape changed in July of 2020, ExaVault remains certified under the Privacy Shield Program administered by the US Department of Commerce.


ExaVault is committed to maintaining Privacy Shield principles for our customers in the United Kingdom. We are up-to-date on data security requirements for both the UK and the EU, and we are ready to support you in a post-Brexit world.

Need Custom Terms?

Our standard Terms of Service and Data Processing Addendum cover nearly all cases for both the EU and the UK. If your business needs a custom DPA, though, we are able to help as part of our Enterprise Services.

Our Subprocessing Partners

We work with a number of Tier-1 companies to provide our services. Each of these companies is vetted by ExaVault to ensure that they comply with the General Data Protection Regulation.

ExaVault works with the subprocessors shown here:

Our Commitment to GDPR

The European Union has strengthened the control that individuals have over their own data and their right to privacy by passing the GDPR (General Data Protection Regulation) into law.

We know that GDPR is critically important to the future of online file transfer. Our job is to help you remain GDPR compliant when sending and sharing files and documents.

GDPR Principles
  • All personal data must be kept secure.
  • EU citizens have the right to access their personal data.
  • Any personal data collected is needed only to fulfill a specific purpose.
  • Use of personal data collected will be done in a legal, fair and reasonable way.
  • Personal data will be accurate to the degree we can confirm accuracy and will not be held longer than necessary to maintain your account or file sharing services.
© 2021 ExaVault. All Rights Reserved. ExaVault is a registered trademark of ExaVault, Inc.