security
shield-lock

Security first platform

GetAccept has a security first mindset and follows a set of security principles within the fundamental designs of the GetAccept Platform. We use encryption technologies to protect customer data both at rest and in transit.

Product security features

When using GetAccept you have access to a set of features to increase your data protection

user-opt-in

User management

Configure user permissions in GetAccept to comply with your internal policies.

user-sync

SCIM

Effortlessly automate and sync user accounts across multiple systems using SCIM for streamlined identity management and provisioning.

two-factor

Multifactor authentication

Set up your GetAccept account to require multifactor authentication, both for your users and for the recipients, adding additional safeguards for your documents and rooms.

cloud-security

Single Sign On (SSO)

Connect your preferred identity provider to simplify user management and authentication control. We support all SAML SSO providers like Azure, Okta, OneLogin and Google SSO.

database-secure

Data retention

Set up rules inside GetAccept to dictate how your data should be stored and deleted. In complete accordance with your GDPR policies.

Platform Security

GetAccept is built on a stable, redundant and scalable infrastructure and designed for 100% uptime. We have backups, full encryption and conduct yearly penetration tests to secure data against all possible threats. No system is better than the persons working on it and we provide regular security training to our staff and have among other things implemented a segregation of duties and least privilege access principles in the organization.

SOC2

System and Organization Control (SOC) 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of the report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

GetAccept undergoes a yearly rigorous audit conducted by a reputable certified third party auditor to certify the GetAccept services against this standard. The audit firm evaluates if GetAccept compliance controls are designed appropriately and if they are effectively operational.

The latest SOC 2 type 2 report may be requested by reaching out to our support. Potential customers can reach out to sales for more information.

Encryption and additional security measures

We encrypt our data in transit using ECDSA 256 (a 3072bit equivalent SSL/TLS certificate) and we encrypt our data in rest using the industry-standard AES-256. Read more about GetAccepts additional security measures here.

Data Storage

GetAccept only uses trusted and a select few sub processors that stores data. The sub-processors are assessed continually. Read more about the sub processors in our DPA.

Privacy

In general, the Personal Information you provide to us is used to help us communicate with you better. GetAccept takes your privacy seriously and will never share your personal information with any third party other than what is stated in our privacy policy. Read more here Privacy Policy.

General Data Protection Regulation, GDPR

GDPR is EU Regulation on data protection and privacy (personal data).

The regulation is implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe.

What counts as personal data?

According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.

What does it mean?

GDPR contains several requirements that benefit consumers by requiring increased control and transparency related to the personal data collected by organizations. At the same time, there are significant fines for infringements - up to 4% of global revenue or a maximum of EUR 20 million. Important differences to the previous privacy policy are that it includes much stronger terms for consent and obligations for data processors and data collectors, where mandatory contract terms between the parties are required.

Privacy by Design

GetAccept is built from the ground up to incorporate the principles of data protection and privacy through design (Privacy by Design).

Your rights under GDPR

The right to access –this means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.

  • The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.
  • The right to data portability – Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine readable format.
  • The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
  • The right to have information corrected – this ensures that individuals can have their data updated if it is out of date or incomplete or incorrect.
  • The right to restrict processing – Individuals can request that their data is not used for processing. Their record can remain in place, but not be used.
  • The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
  • The right to be notified – If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.

Data Processing Agreement (DPA)

The GDPR states specific demands for agreements between Data Controllers and their Data Processors that are used to process the personal data that they are in control of. These agreements are called Data Processing Agreements and should always be handled if data is shared with third parties. You can find GetAccepts standard DPA here.

Schrems II and the SCC

On 16 July 2020, the Court of Justice of the European Union (ECJ) in its case called “Schrems II”) changed the way data can be transferred to a third country outside of EU, invalidated the old EU-US Privacy Shield. The Commission’s Standard Contractual Clauses (SCC) are valid as a transfer mechanism but require additional security measures and transfer impact assessments (see below). GetAccept has the latest SCCs in place with all sub processors. For more detailed information on the latest initiatives and our view of the EU - US data transfer topic please contact us.

Transfer impact Assessment (TIA)

GetAccept has conducted Transfer Impact Assessment on its data transfers. For a copy of our Assessment please reach out to us on legal@getaccept.com.

Contact information

If you have any questions or suggestions regarding our policies or practices, please contact us at legal @getaccept.com. We are always happy to discuss!

Learn more about our security engagement

GetAccept | Our privacy policy

Our privacy policy

We take your safety seriously. Read GetAccept's privacy policy here! GetAccept helps clients close more deals by sending personalized content.

Read more
GetAccept | Terms and Conditions

Terms and Conditions

Read GetAccept's terms and conditions here! GetAccept is a Sales Engagement Platform that helps sales teams close deals faster using personalization.

Read more
Electronic eSignature Guide | GetAccept eSignature Hub

Electronic Signatures & eIDAS

Finding it difficult to meet in person to sign contracts with pen and paper? With electronic signatures you don't have to. Contact GetAccept for more info!

Read more
contact__form-image}}

Talk to an expert