Our Commitment

We’re committed to comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law and came into effect on 25 May 2018.

GDPR strengthens and standardise user data privacy across EU member states, and introduces new or additional obligations on all organisations that handle EU citizens’ personal data.

Clinked: Privacy by design

At Clinked we think about data protection right from the start, when designing systems and features, not just review privacy implications after our product or process is developed.

Addressing Key GDPR Requirements

We help our customer comply with the regulation. At Clinked we have implemented the following measures:


Clinked uses end-to-end encryption, with 256 bit SSL in transit and AES encryption at rest — Clinked also supports TLS 1.2 for all communication.

Transparent information use

Clinked gives you full control of your content, including access controls that allow administrators to grant or revoke access through the platform’s settings and permissions

Visibility into data processing

You are able to access a copy of your data and know where it’s being processed. Our clients are able to exercise these rights with audit logs, easy downloads and management of third-party integrations.

The right to be forgotten

Individuals have the right to ask to delete their personal data. At Clinked, our clients are in full control of their content including deletion, permanent deletion and retrieval of data.

Data portability and data management tools

Businesses and organizations may access, import and export their Client Data using our import/export tools.

Data residency

Data residency allows our clients to choose the region where files/folders are stored.

DPA (Data Processing Agreement)

You can find a copy of our DPA here: https://clinked.com/dpa/

What Are Your Obligations Under The GDPR?

Your obligations depend on whether you are a data controller or data processor. If you are a Clinked customer, you are the data controller, and have specific legal obligations under the GDPR. Clinked acts as your data processor.

As the data controller, you are responsible for meeting obligations surrounding the capture, use and management of your users’ personal data including your own employees and your customer’s information.

Clinked recommends several steps that you can take advantage of to further protect yourself.

Communicate effectively with your clients
Make your terms of service and privacy policy sufficiently clear, accurate and comprehensible and communicate to your users how you are using Clinked on your website or in the application.

Two-factor Authentication (2FA)
Clinked supports 2FA. You can use this to enhance security. When activated, users will be required to setup 2FA next time they login. You can use either SMS or Authenticators during login. Learn more.

Complex passwords
Make it strong. When your users are setting up their account, you can opt to have them use a combination of letters, numbers and special characters for their password.

User-based permissions
Each user has set permissions, defined by the account or group administrator, enabling the relevant viewing or editor rights. Make sure you assign correct permissions

Audit trail
Clinked offers comprehensive Audit Trail. Account administrators can organise and track user activity and generate CSV reports.

Automatic account lockout
Clinked offers a security feature to lock accounts: When a user tries to log in to their account and has been unsuccessful after 6 password attempts, their account will be locked for 1 hour.