Skip to main content
GDPR and Nutshell
Andy Fowler avatar
Written by Andy Fowler
Updated over a week ago

Our commitment to privacy and data protection

Nutshell’s stance has always been that you own your data. Security has always come first as we build, develop, and support your CRM. We are committed to our customers’ data protection and data privacy, and we welcome the General Data Protection Regulation (GDPR) as it strengthens and standardizes user data privacy across the EU.

The GDPR took effect in 2018 and expanded the obligations of organizations that handle the personal data of EU citizens. If you are located in the EU or do business in the EU, you are subject to the regulations. Below, we’ll share Nutshell’s preparations for GDPR compliance and information about how you can maintain your own compliance using Nutshell.

How Nutshell is prepared for GDPR

The Nutshell team has diligently planned our approach to GDPR. We are eager to assist our current and future customers to confidently use Nutshell to serve their EU-based clients.

Nutshell is a data processor for your organization.

Steps Nutshell takes to assist with your data security:

  • Conduct full-scale data mapping exercises; we know where your data is stored, who can access it, and how it’s used.

  • Conduct organization-wide trainings for customer privacy and data security awareness.

  • Provide necessary model clause agreements.

  • Provide tools to assist with your compliance efforts.


Nutshell considers the security of our users and the data they collect to be a top priority. We are trusted with our customers’ valuable data every day, and we’ve set high standards for data safety and reliability.

Nutshell has invested in our technical, administrative, and physical infrastructure to continuously meet or exceed industry standards. In preparation for GDPR, we are expanding awareness around security and best practices across our entire organization. We are also maintaining a detailed data map to record where personally identifiable data is stored, who has access to the data, the purpose of the data storage, and how the data is imported/exported.

Nutshell uses Amazon Web Services (AWS) to store and secure all customer data. Your data is encrypted at rest in our databases, and accessed through 256-bit TLS 1.2 encryption. We do not store credit card or other financial information on our servers, and billing information is always secured with a PCI-compliant provider.

Our security page provides in-depth information about our approach to security.

International data transfers

Your data is securely stored in the United States on AWS servers.

Nutshell will offer EU Model Clauses, also known as the Standard Contractual Clauses, to meet the requirements of our customers who operate or collect personal data in the EU. To enter into a Model Clause Agreement with Nutshell, download and sign our Data Processing Agreement, and return a copy to

Data portability and how you can comply with GDPR using Nutshell

Nutshell is dedicated to providing our customers with the tools they need to maintain compliance under GDPR. Our product development roadmap is informed by the needs of our customers and product changes to enable compliance are a priority.

The tools Nutshell provides to help customers become GDPR compliant include:

  • Importing and exporting tools: You can easily add data to Nutshell as well as export a copy of data. Imports and exports are used for data portability and simple updating of the personal data that you store in Nutshell. Also available via our API.

  • Edit, bulk edit, and delete companies, people, or leads: If your customers request deletion or updates to their personal data, these tools allow you to handle those requests easily. Also available via our API.

  • Origin and source tracking: Understand where personally identifiable information regarding your companies, people, and leads came from.

  • User profiles: Your personal information in your Nutshell user profile may be edited or deleted at any time.

  • The option to immediately and permanently delete a company or person from Nutshell.

  • A one-click export option for any individual company, person, or lead.


Did this answer your question?