Fortunately, we don't have to update our Terms of Service (ToS) very often, but from time to time, there's a need to update the rules that govern how we provide Accelo to our clients.
This week, we made an update to our ToS to accommodate a number of regulatory changes that have transpired over the last year or so — in various phases — related to EU, UK and Swiss data transfer regulations.
The good news is that this is all just (electronic) paperwork. Our approach hasn't changed:
- We continue to have a single, consistent ToS for all of our clients, or as they're technically defined, our Subscribers. Whether you're a business with an HQ in New York or original Amsterdam, you'll have the same protections because it's easy to imagine a US company having EU-based contacts in their Accelo database. This is why we don't use a Data Protection Addendum (DPA) — our commitments are baked in for everyone, so there's nothing to addend.
- We continue to treat our client's data as just that — their data. Our role is to provide the best client work management platform in the world. That means your data is your data, and our role is to make it available and useful but always yours. In the parlance of EU data regulations, you're 100% the Controller, and our role is to be the Processor of whatever data you give us through our UI or integrations.
Since our last ToS update, a few things have transpired. Here's a layman's understanding:
- The EU updated its Standard Contractual Clauses (SCCs) to, in effect, codify the GDPR regulations from 2018, which came into effect at the end of last year.
- After Brexit occurred, the UK better aligned with EU rules via their own regulations released around this time last year, with a phase-in approach.
- However, while these phased-in plans were being accommodated, the European Court of Justice, in a case known as Schrems II, eliminated a framework for EU-US data transfers known as the Privacy Shield (which matters to many Accelo clients as our primary data center is in the US state of Oregon). There was a lot of uncertainty around this, especially because it was focused on government access to data. This was a moving target, so we sought legal advice about the right way to proceed for our clients, given we don't traffic in or profit from personal data at all.
As the efforts of the US to become recognized as an adequate importer under EU rules were unlikely to be addressed quickly (having commenced in late 2022), we've now taken steps to update our ToS. This change supports both our EU-based clients, who understandably care about these compliance matters because of the risks they present, along with all of our clients around the world. Better to be safe than sorry.
We apologize for the disruption associated with these paperwork changes. If you have any questions, please email [email protected].