Skip to content

What is Safe Harbor?

Safe Harbor is an agreement that thousands of U.S. businesses (including Basecamp) have relied on for the transatlantic transfer of personal data from the European Union.

Where does Basecamp keep my data?

When you use Basecamp, you connect to Basecamp’s servers in the U.S. and voluntarily provide all the data you transmit to Basecamp’s servers in the U.S.

I heard there were changes to Safe Harbor. What happened to Safe Harbor?

On Oct 6, 2015, the CJEU (Court of Justice of the European Union) issued a press release describing its ruling invalidating the rules that allowed transfers under the Safe Harbor agreement.

On July 12, 2016, the EU-U.S. Privacy Shield Framework was approved to replace the U.S.-EU Safe Harbor Framework. Basecamp complies with the EU-U.S. Privacy Shield Framework. See our EU-US and Swiss-US Privacy Shield policy.

What does this mean to me as a Basecamp customer?

If your company is in the U.S. and only uses Basecamp to transact business in the U.S. with non-EU citizens, the Privacy Shield and Safe Harbor agreements do not apply to you and you don’t need to do anything.

If you live in the European Union and store personal data in your Basecamp account, or you use your Basecamp account to do business with EU residents who may provide personal data, you’re now protected under the EU-U.S. Privacy Shield Framework.

If your company is neither in the U.S. nor the EU and does not use its Basecamp account to do business with EU citizens, these agreements do not apply to you.

Where can I find additional information about Basecamp security?

We care deeply about your privacy and keeping your data secure. Our approach to security and your data is documented here.

What’s Basecamp’s stance on Privacy Shield and Safe Harbor?

Since 2011, we’ve been part of the US-EU and US-Swiss Safe Harbor Frameworks and have fulfilled the required precautions to safeguard your data.

Is my data safe on Basecamp?

Yes. We take a responsible and dedicated approach to keeping your data safe, working with security researchers to keep up with the state-of-the-art in web and mobile security. We highly recommend that you research your own country’s guidelines on what is deemed as private data. You should limit the posting of private personally identifiable data to systems that are expressly designed for that purpose.