RudderStack obtains the Data Privacy Framework Certification

We are excited to share a major milestone in our ongoing commitment to data protection and privacy. We are now officially certified under the Data Privacy Framework (DPF). This significant designation covers the EU-U.S. Data Privacy Framework, its UK Extension, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Economic Area (EEA), United Kingdom and Switzerland, to the United States.

This certification reflects our dedication and commitment to maintaining the highest standards of privacy, transparency, and accountability when handling personal data from the European Union, the United Kingdom, and Switzerland.

What the DPF Certification means for our customers

Developed jointly by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration, the DPF provides U.S. organizations with a reliable mechanism for transferring personal data from the European Union, the United Kingdom, and Switzerland to the United States.

By achieving DPF certification:

• We meet strict privacy principles designed to safeguard personal data.
• EU/UK/Swiss customers and partners can transfer data to us lawfully, relying on a mechanism that has been deemed adequate under the law.
• We commit to independent recourse and oversight.

Our DPF certification provides assurance that our data handling practices align with EU/UK/Swiss regulatory expectations, reduces compliance burden for our customers, and strengthens trust with organizations that rely on us to safeguard their information. It highlights RudderStack’s dedication to continually enhancing its programs for privacy, security, and compliance to best support its customers.

Our ongoing commitment to data protection

DPF certification is an important step, but is certainly not the end goal. RudderStack is committed to trust and security in delivering transformative solutions to its customers. We continue to invest in our data protection efforts through:

• Annual AICPA’s Service Organization Control 2 (SOC 2) Type II reporting requirements
• Continuous monitoring of regulatory developments
• Transparency with customers about how their data is used
• Data protection measures that align with industry best practices

To learn more about the program and view the scope of RudderStack's active certification, please visit the Data Privacy Framework website and RudderStack’s page on the Data Privacy Framework List.

FAQs

What is the Data Privacy Framework (DPF)?

The DPF is a program developed by the U.S. Department of Commerce, the European Commission, the UK government, and the Swiss Federal Administration. It provides a reliable mechanism for transferring personal data from the EU, UK, and Switzerland to certified organizations in the United States.

What does RudderStack’s DPF certification cover?

RudderStack’s certification covers the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Framework. It confirms that our collection, use, and retention of personal data adhere to strict privacy principles for lawful cross-border data transfers.

How does this certification benefit RudderStack customers?

It gives customers confidence that our data handling aligns with EU, UK, and Swiss privacy expectations. It supports lawful data transfers, reduces compliance burden, and reinforces our commitment to privacy, transparency, and accountability.