Compose Database-as-a-Service Help and Documentation

Everything you need to know about Compose, Hosted or Enterprise, is here in our help system. Whether you run one database for your businesses' sole application or six different databases to support an entire corporation, we've got the information you need.

EU Safe Harbor

Due to various rulings in Europe, we suggest that you consult this article for the current state of privacy and safe harbor legislation. The US Department of Commerce is maintaining a EU Safe Harbor list and we are retaining this page while they do so.

Introduction

Compose, Inc. is a full service cloud database hosting provider that focuses on simplicity, reliability, and security of customer data. Protecting consumer privacy is important to Compose, Inc. (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”).

Accordingly, Compose, Inc. complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce (hereinafter collectively referred to as the “Safe Harbor Principles”, “Principles”) regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Compose, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Compose, Inc.'s certification, please visit http://www.export.gov/safeharbor/.

The Company has a firm commitment to adhere to the Safe Harbor privacy principles and the 15 FAQs that make up the applicable Safe Harbor Framework(s). As such, if there is any conflict between the policies in this privacy policy and the Safe Harbor Principles, the Safe Harbor Principles shall govern. This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we manage, and our role as a Data Processor facilitating notices and choices that affected individuals have regarding Customer use, and an individual’s ability to correct that information. Compose, Inc. facilitates this process by providing an open and transparent data access layer to help customers comply with European Union’s Directive 95/46/EC on data privacy (hereinafter referred to as the “Directive”). To learn more about the EU Directives, please visit http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995l0046:EN:HTML.


We self-certify compliance with

Compose, Inc.'s Safe Harbor Policy

Definitions

“Customers” refers to direct users of Compose, Inc.'s services, who have signed up for a Compose account, and allow Compose, Inc. to store their data.

“Personal Data” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; (4) can be linked to that individual; and (5) does not apply to information collected by Compose, Inc. directly about Compose, Inc.’s customers. For information regarding our use, disclosure and handling of information we collect directly from our customers located in the European Union, please see the Compose, Inc. Privacy Statement located at http://docs.compose.io/policies/privacy.html.

“Sensitive Personal Data” means personal data that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

“Safe Harbor Principles” or “Principles” means both the European Union Safe Harbor Framework and the U.S.-Swiss Safe Harbor Frameworks published by the U.S. Department of Commerce. For more information regarding the Safe Harbor Principles and the Directive, please visit http://www.export.gov/safeharbor/.


Data Processor

Compose, Inc. acts as a cloud data storage provider offering to its Customers a cloud‐based hosted, and/or remotely managed database solution. Thus Compose, Inc. provides hosting services on its servers for Customers who need data storage for their software applications. Compose, Inc. does not own, control or direct the use any of the Personal Data stored or processed by any Customer. Only the Customer is entitled to access, retrieve and direct the use of such Personal Data. Compose, Inc. is neither aware nor responsible for what Personal Data is actually being stored and does not directly access such Personal Data except as authorized by the Customer or as necessary to provide services to the Customer. Except as provided in this Privacy Policy, Compose, Inc. does not independently cause stored Personal Data to be transferred or otherwise made available to third parties, except to third party subcontractors who function on behalf of the Company in connection with our provision of services to Customers. Instead, such actions are performed or authorized only by the applicable Customer. Compose, Inc. should be considered only as a processor on behalf of its Customers as to any Personal Data transferred from the European Union or Switzerland to the United States that is subject to the requirements of the Directive. The Customer is the “Data Controller” under the Directive; meaning that such party controls the manner Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data. Compose, Inc. is not responsible for the content of the Personal Data or other information stored on its servers at the direction of the Customer nor is Compose, Inc. responsible for the manner in which the Customer collects, handles, discloses and distributes such Personal Data.

Data Controller

The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of Personal Data adhere to certain requirements related to compliance with the Directive. The specific functions of a Data Controller depend on the laws of each EU member state. However, since Compose, Inc. does not collect or determine the use of any Personal Data stored on its servers, and since it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Compose, Inc. is not acting in the capacity of Data Controller and does not have the associated responsibilities under the Directive or the Safe Harbor Principles.

Customer Agreement and Security

Compose, Inc. and each Customer located in the European Union or Switzerland will enter into an agreement/contract that specifies each party’s role in complying with the Directive and the Safe Harbor Principles. Any such contract with an EU or Swiss Customer will also specify that the Customer is responsible for security measures with respect to its Personal Data stored on Compose, Inc.’s servers. Although Compose, Inc. has implemented commercially reasonable security measures to protect Personal Data stored on its servers, Customer is ultimately in control of whether the Personal Data is made available to third parties. Compose, Inc. will comply with Customer’s instructions with respect to the return, update or destruction of Personal Data stored on Compose, Inc.’s servers.

In its role as a processor of Personal Data on behalf of its Customers, Compose, Inc. is not able to or required to apply all of the Safe Harbor Principles to Personal Data subject to the Directive that is received for processing from Customers. Instead, Compose, Inc.’s role as a data processor is to assist the Customer, at the Customer’s request, in complying with its obligations under the Directive.

Notice

Compose, Inc. requires its Customers located in the European Union or Switzerland to comply with their obligations under the Directive prior to the transfer of any such Personal Data from the European Union or Switzerland to the United States, including, should the case arise, compliance with the obligations to provide notices and obtain consents of individuals about the purposes for which they collect and use Information, as required under the Directive with respect to Personal Data.

Choice

Compose, Inc. requires its EU Customers to provide individuals the opportunity to choose (opt out) whether their personal information will be (1) disclosed to a third party or (2) used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.

Onward Transfers

Compose, Inc. does not disclose any Personal Data to third parties that has been collected by its Customers, and provides an adequate level of privacy protection to prevent third party access to any such Information. Compose, Inc. also requires its Customers to disclose to individuals any such transfers of their own Personal Data to third parties, and allow the individual a choice (opt out) of such disclosure, as outlined in the Directive.

Access

Compose, Inc. allows for its Customers to respond to an individual’s request to access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

Security

The control, access, and security of the Personal Data stored on the Compose, Inc. servers is (1) in the direct and primary control of the Customer, and (2) subject to the security measures undertaken by the Customer. Subject to the foregoing, Compose, Inc. has in place information security procedures and commercially reasonable security measures designed to protect Personal Data stored on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. Customers will be notified of any breach with respect to their stored Personal Data of security measures implemented by Compose, Inc. of which Compose, Inc. becomes aware.

Any compromise of security or potential compromise of security of which a Customer becomes aware and any inquiries concerning security should be reported promptly by such Customer to Compose, Inc. Contact information is provided below.

Director of Customer Support, Compose, Inc.

And to:

support@compose.io

Data Integrity

Compose, Inc. is not authorized to access or manipulate Personal Data stored on its servers other than as necessary to provide services to a Customer or as otherwise permitted or directed by such Customer. Compose, Inc. takes reasonable steps to assure that Personal Data transferred from the European Union or Switzerland to the United States and stored on Compose, Inc.’s servers is maintained in a reliable, accurate and complete state, subject to any deficiencies in the state in which such Personal Data was received.

Enforcement

Individuals who wish to file a complaint or who take issue with Compose, Inc.’s EU/Swiss Safe Harbor Privacy Policy should direct such communication to the Compose, Inc.'s Director of Customer Support who can explain the process to be followed when filing a complaint. Should an individual be unable to resolve a complaint after having contacted the Privacy Administrator, that individual can contact the International Centre for Dispute Resolution of the American Arbitration Association at www.adr.org. This organization will provide independent dispute resolution in which Compose, Inc. will participate. Compose, Inc. is subject to the jurisdiction of the U.S. Federal Trade Commission, which may be contacted at the following address:

Federal Trade Commission

Attn: Consumer Response Center

600 Pennsylvania Avenue NW

Washington, D.C. 20580

consumerline@ftc.gov

http://www.ftc.gov

Limitations

Compose, Inc.’s adherence to the Safe Harbor Principles is limited to the extent permitted or required by applicable United States laws, rules or regulations.

Amendments

Compose, Inc. may update this Safe Harbor Privacy Policy from time to time to reflect changes in its services and Customer feedback, or as applicable laws and change, and such changes shall become effective promptly after they are posted. Compose, Inc. encourages Customers to periodically review this EU Safe Harbor Privacy Policy to be informed of any changes.

This EU Safe Harbor Privacy Policy was last updated on: August 28, 2014.

EU Safe Harbor