At OKRs Tool, we take data protection seriously.
We’re fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring that your personal data is handled with care, transparency, and accountability — no matter where your team operates.
What Is GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organizations collect, use, store, and protect personal data of EU residents. It applies to any business — even those outside the EU — that processes personal data of individuals located in the EU.
Our Commitment to GDPR Compliance
We’ve built OKRs Tool with privacy by design. Here’s how we stay compliant and protect your data:
Data Minimization
We only collect the personal data necessary to deliver our services — nothing more. Typical data includes your name, email address, company information, and OKR-related content your team enters.
Lawful Basis for Processing
We rely on legitimate interests, contract performance, and consent (where appropriate) as our legal basis for processing personal data under GDPR.
Transparent Data Practices
Our Privacy Policy clearly explains:
- What data we collect
- How we use it
- Who we share it with
- Your rights under GDPR
We don’t sell your data. Ever.
Subprocessors & Data Hosting
We carefully vet and partner only with subprocessors who meet high standards of security and privacy. All data is securely hosted in GDPR-compliant data centers.
Current subprocessors include:
- AWS (Hosting and infrastructure)
- SendGrid (Transactional email)
We maintain signed Data Processing Agreements (DPAs) with each subprocessor.
User Rights & Controls
OKRs Tool supports the full range of data subject rights under GDPR:
- Right to access your data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to restrict certain types of processing
You can access and update your personal data through your OKRs Tool account at any time. To submit a formal request (such as deletion), contact us at info@okrstool.com.
Data Processing Agreement (DPA)
We offer a GDPR-compliant Data Processing Agreement (DPA) for all paid customers. You can request and sign our standard DPA by contacting info@okrstool.com.
Security Measures
We implement industry best practices to keep your data safe, including:
- End-to-end encryption (at rest and in transit)
- Role-based access controls
- Regular vulnerability scans and penetration testing
- Secure development practices
Learn more on our Security Page.
International Data Transfers
If you’re based in the EU or UK, rest assured: we ensure that data transfers outside the EU comply with GDPR requirements through mechanisms like Standard Contractual Clauses (SCCs).
Questions?
If you have any questions about how OKRs Tool handles your data or complies with GDPR, please reach out anytime:
info@okrstool.com
We’re happy to help.
Data Privacy FAQ
Do you store any sensitive personal data?
By default, no. OKRs Tool only collects the minimal data required for team goal tracking — such as names, emails, team roles, and OKR-related content. However, users may manually enter sensitive data (e.g., financial metrics or targets) as part of their OKRs. In those cases, the data is treated with the same strict privacy and security standards as all other user content.
Where is my data stored?
All data is securely stored on servers hosted by Amazon Web Services (AWS), located in GDPR-compliant data centers. We ensure your data stays within approved jurisdictions for EU/UK users.
Can I delete my personal data?
Yes. You can request permanent deletion of your data at any time by contacting info@okrstool.com. We honor all GDPR erasure requests and will confirm once your data has been securely deleted.
Does OKRs Tool use cookies or trackers?
Yes, but only for functionality and performance. We use cookies to remember session states and improve user experience — never to sell or monetize your data. You can manage cookie preferences in your browser.
Do you use AI to process or analyze my data?
No. Any AI features within OKRs Tool (such as suggested Key Results) operate only on user-provided input during the session. Your data is never used to train external AI models or shared with third-party AI platforms.
How do you handle third-party access to my data?
Only authorized subprocessors (e.g. hosting, email services) may access minimal data to deliver core functionality. Each is vetted for GDPR compliance and bound by a Data Processing Agreement (DPA).
Can I get a signed DPA for my company?
Yes. If you're a paid customer and need a signed Data Processing Agreement, just email us at info@okrstool.com. We’ll send our standard DPA for your review and signature.