We are frequently questioned about our approach to data protection, so here is further information on that. Please contact us if you require additional information or answers to queries not addressed here.
Is Exchange Gate GDPR compliant?
Yes. Exchange Gate has made certain that it has taken all required efforts to comply with the GDPR rules.
Does Exchange Gate have a GDPR DPA (Data Processing Agreement)?
Yes. It can be found here, as an addendum to and as a standard part of our Terms of Service.
What level of data encryption does Exchange Gate use?
Exchange Gate uses TLS 2048 bit encryption for all data in transit. However, customers can elect not to transmit their data over TLS. All data within the same datacenter in Exchange Gate has moved around un-encrypted as it cannot be intercepted but is always encrypted when moved between data centers. Exchange Gate also offers optional 256-bit AES symmetric encryption which makes it impossible for Exchange Gate to inspect any data payloads moving through the system at all.
Does Exchange Gate inspect data it transports?
No. Payloads are never inspected at the exchange gate. We regard them as though they are opaque. Exchange gate, like the postal service in the real world, is a data conduit (a 'dumb pipe').
Does Exchange Gate transport personal data?
Exchange Gate, as a data transporter, has no idea what kind of data we're dealing with. It is feasible for our customers to transport their customers' personal data.
Where is data going through the Exchange Gate platform stored?
Data in transit is stored ephemerally (i.e. not on disk) in all 14+ data centers in all regions. Each region can have two or more data centers. Messages are only persisted when the history feature is explicitly enabled, and that data is stored in US East Virginia, Europe Ireland, and Asia Singapore.