{"id":12678,"date":"2018-02-01T15:36:20","date_gmt":"2018-02-01T22:36:20","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?page_id=12678"},"modified":"2026-05-04T11:53:06","modified_gmt":"2026-05-04T15:53:06","slug":"gdpr","status":"publish","type":"page","link":"https:\/\/jumpcloud.com\/gdpr","title":{"rendered":"JumpCloud Data Protection Standards"},"content":{"rendered":"\n<p>Data security and trust are integral to JumpCloud\u2019s <a href=\"https:\/\/jumpcloud.com\/\">Directory-as-a-Service\u00ae<\/a> platform. This webpage is a broad overview of JumpCloud\u2019s compliance with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and India&#8217;s Digital Personal Data Protection Act, 2023 (DPDP), and is informational in nature. The content of this webpage is not a legally binding document and should not be considered a substitute for legal advice. JumpCloud\u2019s Data Processing Addendum (DPA) is incorporated into the <a href=\"https:\/\/jumpcloud.com\/legal\">Directory-as-a-Service Agreement (DAASA)<\/a> that JumpCloud enters with its customers. <a href=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/08\/JumpCloud-Customer-DPA-August-1-2024.pdf\">A copy of JumpCloud\u2019s DPA is available here for your review.<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-gdpr-overview\">GDPR Overview<\/h3>\n\n\n\n<p>The GDPR is a data privacy and protection regulation that is applicable to organizations processing personal data from data subjects in the EU, EEA, Switzerland, and the United Kingdom. The GDPR protects data subjects\u2019 personal data and requires controllers and processors to take certain measures to safeguard personal data. Additionally, the GDPR provides data subjects the ability to request review and deletion of their personal data.<\/p>\n\n\n\n<p>The GDPR defines Personal Data as \u201cany information relating to an identified or identifiable natural person\u201d and includes personal identifiers such as names, email addresses, identification numbers, location data, and other online identifiers. The \u201cidentified or identifiable natural person\u201d is called the Data Subject under the GDPR.<\/p>\n\n\n\n<p>There are two types of organizations that process a Data Subject\u2019s Personal Data: Controllers and Processors. Controllers determine the reason for processing a Data Subject\u2019s Personal Data. Processors process Personal Data based on the instructions from the relevant Controller. The GDPR requires Controllers and Processors to take care of Personal Data by using strong controls and security measures. JumpCloud monitors and will continue to monitor and evaluate any changes to the GDPR. JumpCloud has adopted the Standard Contractual Clauses in its DPA as the basis for the transfer of personal data from the EU, EEA, Switzerland, and the United Kingdom to the United States. The Standard Contractual Clauses are standard terms provided by the European Commission that JumpCloud uses for a compliant transfer of personal data from the EU. The Standard Contractual Clauses are expressly incorporated into JumpCloud\u2019s DPA.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-jumpcloud-amp-data-security\">JumpCloud &amp; Data Security<\/h3>\n\n\n\n<p>Privacy by design and protective security measures are critical elements of GDPR compliance. JumpCloud takes security of its systems and all Customer Personal Data extremely seriously. JumpCloud safeguards Customer Personal Data in many ways, including but not limited to encrypting all data at rest and in transit, training employees in security awareness and performing appropriate background checks, maintaining access controls, active software monitoring of JumpCloud user logins and privileged commands, and log monitoring. In addition, JumpCloud\u2019s ongoing security processes include penetration testing, vulnerability scanning, patching, and other activities. Further details on JumpCloud\u2019s <a href=\"https:\/\/jumpcloud.com\/security\">robust security activities are available in our online documents<\/a> as well as via our SOC 2 Type II attestation. The results of JumpCloud\u2019s SOC 2, Type II examination are available to customers upon request by emailing <a href=\"mailto:accounts@jumpcloud.com\">accounts@jumpcloud.com<\/a>.<\/p>\n\n\n\n<p>As a Controller, JumpCloud collects Personal Data in compliance with all applicable data protection laws and regulations. Please see our privacy policy for more information regarding the data JumpCloud collects as a Controller.<\/p>\n\n\n\n<p>As a Processor, JumpCloud processes Personal Data on the Controller\u2019s behalf. Generally speaking, the Controller is the customer using the JumpCloud services. If a Data Subject (the customer\u2019s employees and contractors) exercises their \u2018right to know\u2019 or \u2019right to be forgotten\u2019, JumpCloud cannot itself provide or delete the relevant Personal Data as only the Controller has the right to do so. In such a case, JumpCloud will notify the Controller of the request and support the Controller as necessary, always subject to applicable law and the DPA.<\/p>\n\n\n\n<p>As a Processor, JumpCloud also uses other sub-processors to deliver the JumpCloud services. For example, JumpCloud uses AWS, Salesforce, and others to run its business and provide its services. Pursuant to applicable law and the DPA, JumpCloud enters appropriate data processing agreements with all sub-processors. At no time does JumpCloud allow a sub-processor to use or leverage Customer Personal Data as a Controller. JumpCloud never sells or licenses Customer Personal Data, nor do we permit third parties to market to a customer\u2019s Data Subjects. When a data subject exercises their right to deletion of Personal Data, the deletion extends to our sub-processors as well.<\/p>\n\n\n\n<p>Controllers and processors are also required under the GDPR to report data breaches to affected Data Subjects within 72 hours and without undue delay. As noted above, JumpCloud takes a number of precautions to prevent a data breach. Regardless, if a data breach occurred, as a Controller, JumpCloud would notify all data subjects affected within 72 hours of becoming aware of the breach, and, as a Processor, JumpCloud would notify the Controller to support the Controller in its reporting duties.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-data-deletion\">Data Deletion<\/h3>\n\n\n\n<p>As a Processor, JumpCloud will retain your data for as long as your account is active, whether under our paid or free plans.<\/p>\n\n\n\n<p>If you are the administrator of your company\u2019s JumpCloud account or tenant, you can delete, or request the deletion of, your tenant (and all data). Please note that upon deletion of your data, the JumpCloud platform will not function for you. You may send any requests for information or deletion to <a href=\"mailto:dpo@jumpcloud.com\">dpo@jumpcloud.com<\/a>.<\/p>\n\n\n\n<p>If the administrator of a customer\u2019s JumpCloud tenant permits, an end user may input and delete information in the end user profile. Please note that the customer\u2019s administrator, and not an end user, has the right to delete, or request JumpCloud delete, all other end user data from the tenant.<\/p>\n\n\n\n<p>Individuals that have provided personal information through email, marketing, and sales tools, may unsubscribe to marketing communications as described in the communication and in our <a href=\"https:\/\/jumpcloud.com\/privacy\">privacy policy<\/a> and may also request the deletion of personal data that JumpCloud has collected by emailing <a href=\"mailto:dpo@jumpcloud.com\">dpo@jumpcloud.com<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">DPDP Overview<\/h3>\n\n\n\n<p>The Digital Personal Data Protection (DPDP) Act, 2023 establishes a framework governing the processing of Personal Data in India, protecting individuals&#8217; data rights while enabling lawful business operations. JumpCloud also offers a data center in India that provides infrastructure capabilities to offer organizations to primarily store data in India.<\/p>\n\n\n\n<p>JumpCloud&#8217;s India data center enables organizations to deploy JumpCloud services within India for data governance and operational preferences. For organizations selecting JumpCloud&#8217;s India data center, customer data is primarily stored in the India region. Certain operational data, including system logs, telemetry, and support-related metadata, may be processed outside the region as part of platform operations, as further described in JumpCloud&#8217;s Data Processing Addendum (DPA). Organizations remain responsible for ensuring their implementation meets regulatory requirements under the DPDP Act.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-contact-jumpcloud\">Contact JumpCloud<\/h3>\n\n\n\n<p>If you have further questions about GDPR, DPDP or other data protection issues, please don\u2019t hesitate to contact us at <a href=\"mailto:sales@jumpcloud.com\">sales@jumpcloud.com<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-jumpcloud-s-sub-processors\">JumpCloud\u2019s Sub-processors<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-sub-processors-authorized-to-process-customer-data-for-jumpcloud-services\">Sub-processors Authorized to Process Customer Data for JumpCloud Services<\/h4>\n\n\n\n<p>As described in the JumpCloud&nbsp;<a href=\"https:\/\/jumpcloud.com\/legal\">Terms of Service<\/a>, JumpCloud\u2019s third-party sub-processors include:<\/p>\n\n\n\n<figure class=\"wp-block-table table is-striped\"><table><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><strong>Sub-Processor<\/strong><\/td><td class=\"has-text-align-left\" data-align=\"left\"><strong>Principal Office Location \/ Processing Country (\u201cPC\u201d)<\/strong><\/td><td class=\"has-text-align-left\" data-align=\"left\"><strong>Subject Matter of the Processing<\/strong><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">AWS (Amazon Web Services, Inc.)<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA, Germany and Japan<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Cloud hosting and infrastructure provider<br>\u00b7 &nbsp; Firewall web application services<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Salesforce.com, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Customer relationship management activities and support<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Fivetran, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Data integrations, normalization, and management services<br>\u00b7 &nbsp; Fivetran processes personal data in order to facilitate migration of data from&nbsp; data sources into a data warehouse.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Google LLC<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 Cloud hosting and infrastructure services for certain product features<br>\u00b7 Artificial intelligence services (non-training; AI features only)<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Snowflake Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Data warehousing, hosting and storage services<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Segment.io, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Customer data platform services (analytics, data-driven decision making)<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">SendGrid, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Email platform<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">DataDog, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA, Germany and Japan<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Business analytics<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Intercom, Inc.<\/td><td class=\"has-text-align-left\" data-align=\"left\">PC: USA<\/td><td class=\"has-text-align-left\" data-align=\"left\">\u00b7 &nbsp; Customer Support<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Subscribe to<a href=\"https:\/\/jumpcloud.com\/gdpr\/feed\"> this RSS feed<\/a> to be alerted when our GDPR &nbsp;policies and sub-processors change.<\/p>\n\n\n\n<p>UPDATED: May 4th, 2026<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data security and trust are integral to JumpCloud\u2019s Directory-as-a-Service\u00ae platform. This webpage is a broad overview of JumpCloud\u2019s compliance with [&hellip;]<\/p>\n","protected":false},"author":52,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"tags":[2623],"platform":[],"funnel_stage":[],"coauthors":[2531],"class_list":["post-12678","page","type-page","status-publish","hentry","tag-gdpr"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.3.1 (Yoast SEO v25.3.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>JumpCloud Data Protection<\/title>\n<meta name=\"description\" content=\"This web page is a broad overview of JumpCloud&#039;s support of the EU General Data Protection Regulation (GDPR) and India&#039;s Digital Personal Data Protection Act (DPDP).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/gdpr\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JumpCloud Data Protection Standards\" \/>\n<meta property=\"og:description\" content=\"This web page is a broad overview of JumpCloud&#039;s support of the EU General Data Protection Regulation (GDPR) and India&#039;s Digital Personal Data Protection Act (DPDP).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/gdpr\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-04T15:53:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Jon Griffin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/gdpr\",\"url\":\"https:\/\/jumpcloud.com\/gdpr\",\"name\":\"JumpCloud Data Protection\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2018-02-01T22:36:20+00:00\",\"dateModified\":\"2026-05-04T15:53:06+00:00\",\"description\":\"This web page is a broad overview of JumpCloud's support of the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP).\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/gdpr#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/gdpr\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/gdpr#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"JumpCloud Data Protection Standards\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"JumpCloud Data Protection","description":"This web page is a broad overview of JumpCloud's support of the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/gdpr","og_locale":"en_US","og_type":"article","og_title":"JumpCloud Data Protection Standards","og_description":"This web page is a broad overview of JumpCloud's support of the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP).","og_url":"https:\/\/jumpcloud.com\/gdpr","og_site_name":"JumpCloud","article_modified_time":"2026-05-04T15:53:06+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes","Written by":"Jon Griffin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/gdpr","url":"https:\/\/jumpcloud.com\/gdpr","name":"JumpCloud Data Protection","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2018-02-01T22:36:20+00:00","dateModified":"2026-05-04T15:53:06+00:00","description":"This web page is a broad overview of JumpCloud's support of the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP).","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/gdpr#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/gdpr"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/gdpr#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"JumpCloud Data Protection Standards"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/12678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=12678"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/12678\/revisions"}],"predecessor-version":[{"id":148425,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/12678\/revisions\/148425"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=12678"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=12678"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=12678"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=12678"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=12678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}