How Gearset handles Personal Data

Information about how Gearset handles Personal Data.

Written by Tom Anghileri
Updated over a week ago

Our commitment

Trust is a core principle at Gearset. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust. Your private information has been, and always will be, treated with the utmost care and security. Our team works hard to ensure that our processes comply with all applicable privacy laws.

Our handling of Personal Data

We collect and process Personal Data in a number of different ways, depending on the nature of our relationship with the data subject, what laws are applicable, and whether we are the data controller, processor, importer or exporter.

  • Our security page lists some of the approaches we use to protect your data from unauthorised access, including encryption and access controls.

  • Our Privacy Policy explains what Personal Data we collect as a controller, how we use it, and the relevant data subjects’ rights in relation to that data.

  • Our Data Processing Addendum sets out how we process Personal Data on behalf of our customers.

  • Our Master Services Agreement explains when our Privacy Policy applies and when our Data Processing Addendum applies.

Customer control in the Gearset app

  • Gearset makes it easy for you to manage your mailing list subscription status from the My Account page in the app, as well as when you first create your Gearset account.

  • For automated job notifications (such as CI), you can manage your notification settings from within the job settings.

  • Customers using Gearset’s data backup functionality can self-service export and delete individual records to comply with their own data processing obligations.

  • Additional functionality allows users to self-service delete their data in the app, including the ability to delete all backed-up data from our servers and delete their account and associated data.

External security measures

  • We undergo regular external audits to review our robust security framework and are certified to meet ISO 27001 - the international information security standard.

  • Gearset undergoes regular penetration tests by CREST certified professionals. These tests probe for vulnerabilities in our application and ensure we're always ahead of the game in keeping our security world-class.

  • Gearset runs a continuous bug-bounty and crowdsourced penetration testing program through Bugcrowd to encourage responsible disclosure of any vulnerabilities.

Operational security measures

  • We maintain internal access policies to ensure that the right people have access to the right level of customer data, and no one can access more than they need to perform their role.

  • Our team is trained on privacy, security and data protection, and how to ensure that we comply with applicable laws.

  • We review our partners and suppliers to ensure they comply with applicable laws and are adequately protecting our and our customers' data.

International Transfers

Whenever we transfer Personal Data outside of the UK or European Economic Area, we ensure it is protected by an appropriate transfer mechanism, such as the Standard Contractual Clauses. For more information, please see our Data Processing Addendum.

How to contact us with data queries

If you have any questions about how we store or process your data, or want to issue data requests, please speak to your usual Gearset contact or email us at [email protected].

You can also learn more about our security practices at
