top of page

Approval software data protection

GDPR - Approval Donkey

Approval Donkey has always been dedicated to maintaining the best security for our customers. When the EU’s new GDPR regulations are implemented, we’ll be ready.

What you should know


GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the Controller). Approval Donkey is a data processor. As a customer with Approval Donkey, you are usually the controller. When classified as the data controller, Approval Donkey customers must meet certain obligations, such as notifying or obtaining data subject consent.

How Approval Donkey can help

As the data processor, Approval Donkey promises to:

  • Keep your data safe, secure, and private

  • Disclose our sub-processors and monitor their GDPR compliance

  • Keep records of compliance and audit logs as required

  • Make available tools to handle data subject requests, such as right-to-erasure and right-to-access

  • Notify you of a security breach using your account notification contact (in this case your email address)



Approval Donkey utilizes the following Sub-Processors when providing our service:


Integration Partners

You also have the option to enable additional Approval Donkey integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each customer is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:

  • Xero

  • Zapier

For questions, feel free to contact us on:  

Last updated: May 2019

bottom of page