Is Crossmint GDPR-compliant?
Last updated: March 26, 2025
Yes, Crossmint complies with GDPR!
Crossmint complies with the General Data Protection Regulation (GDPR), and we continuously update our policies and processes to align with evolving privacy standards.
Our commitment to GDPR compliance includes:
We only process personal data necessary for the execution of our services, ensuring no excessive or unnecessary data collection.
We do not share personal data with third parties unless required to fulfill our services.
Internal access to personal data is strictly limited to authorized personnel, who must authenticate using two-factor authentication (2FA).
We implement AES-256 encryption for stored data and TLS encryption for data in transit, along with robust security monitoring to prevent breaches.
In the unlikely event of a data breach, we have a dedicated Incident Response Plan, ensuring rapid containment and notification within 72 hours, as required by GDPR.
We transfer EU personal data only under GDPR-approved mechanisms, including the Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs). Each transfer undergoes an ad-hoc Transfer Impact Assessment (TIA) for compliance with Schrems II requirements.
We conduct annual reviews and updates of our Data Protection Impact Assessment (DPIA), Privacy Policy, and Data Processing Addendum (DPA) to ensure ongoing compliance.
Crossmint has appointed a Data Protection Officer (DPO) responsible for overseeing data protection policies, GDPR compliance, and handling data subject requests.
Additionally, we work with an external GDPR consultant to ensure full compliance with EU regulations and best practices. For more details, please review our Privacy Policy or contact us at privacy@crossmint.com.