How Lucid Keeps Your Data Safe under the Privacy Shield Framework

Update (2021.03.26): On July 16, 2020, the Court of Justice of the European Union (CJEU), in C-311/18 (often referred to as Schrems II), invalidated the EU-U.S. Privacy Shield as a valid framework for transferring customers’ personal data from the EEA or UK to the U.S. Notwithstanding the Schrems II decision, Lucid continues to maintain its EU-U.S. Privacy Shield and Swiss-US Privacy Shield certification and abide by the Privacy Shield Framework Principles. If you have any questions or concerns, please contact Lucid at privacy@lucidchart.com.

Here at Lucidchart, security for your data is our top priority, no matter where you live. That’s why we’ve made it a priority to become self-certified under the Privacy Shield Framework. As of October 12th, 2017, we officially met all of the requirements and became self-certified.

What is the Privacy Shield Framework?

The Privacy Shield Framework was created through a partnership between the U.S. Department of Commerce and the European Commission to ensure that EU citizens’ personal data is kept secure, specifically to meet European data protection principles. Chief among these principles are:

• Notice to EU citizens about how their data is collected and used
• The right for EU citizens to access and amend their data held by companies that have collected it
• The right to have that information deleted
• Certainty that this data is used only for the limited purpose for which it was originally collected

The U.S. government provides strong oversight for the framework, and the framework provides members of the European Union with multiple avenues for redress when it comes to a company’s Privacy Shield Framework compliance.

To get all the details on program oversight and the rights for individual users, check out this fact sheet.

What does it mean to be self-certified?

Companies apply for the Privacy Shield certification voluntarily, but once certification is complete, they are bound by U.S. law to adhere to the Privacy Shield Framework standards. Companies who self-certify under the Privacy Shield Framework provide transparency in their privacy policies on how they use personal information. As part of the self-certification process, companies describe the purposes for which the organization processes personal data and provide a means for dispute resolution should EU citizens have concerns about compliance.

What does this mean for Lucid?

As a result of Lucid’s successful application for self-certification, the U.S. Department of Commerce has examined Lucid’s privacy policy and the types of data we collect, and it has deemed that Lucid provides adequate privacy protection to allow for the transfer of personal data from the EU to the U.S. under the EU Data Protection Directive.

In short, we are doing what it takes to make sure that your data stays secure. To learn more about data security at Lucid, check out our data security page.