GDPR - How is Chargebee preparing for it?

With the EU General Data Protection Regulation (GDPR) taking effect on 25th May 2018, we are gearing up to ensure that we are compliant with the EU's latest legislation on the processing and handling of personal data of individuals in the EU. This is a step forward for individuals towards greater transparency and control over their personal data, and towards greater accountability for businesses. Here is an overview of how we are preparing for it: 

We are committed to being GDPR-compliant by May 2018. We have been assessing our requirements and are rolling out changes for GDPR through an internal compliance team, made up of functional heads, that is working with an external specialist on the same. 

Data Processing Addendum

We have a Data Processing Addendum (DPA) which covers the processing of personal data by Chargebee on behalf of the Customer in order to provide the agreed services. Contact us for a copy of the DPA.

Security Measures 

At Chargebee, we have implemented and will maintain appropriate technical and organizational measures to protect Customer Data from (i) accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to such data (a "Security Incident"). The measures we take to protect Customer Data from a Security Incident are described on our security page.

We also conduct monthly internal system audits to ensure that confidential information is not leaked, knowingly or unknowingly, to unauthorized people. We have procedures in place to detect, report and investigate a personal data breach. 

At Chargebee, security is of utmost importance to us and we are dedicated to providing the highest level of data protection to our customers. 

Security Certifications

  • PCI Level 1 compliance for maintaining a safe and secure environment to accept, process and store credit card information. 

  • ISO 27001:2013 certification, which sets the standards for managing information security in an organization. 

  • SOC 1 Type 1 compliance, which reports on the design of our internal controls relevant to our customers' financial reporting, and which customers can rely on during their own audits.

  • EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certification for transferring the personal data of people in the EU and Switzerland to the US. 

We will keep you posted on our progress towards GDPR compliance. Feel free to reach out to us if you have any questions. 
