Regulation (EU) 2016/679 (known as GDPR) takes effect on 25.5.2018 and we are happy to let you know that Caflou is fully prepared. Data about you and data you store in Caflou is safe.

Complete information can be found here: Caflou is compliant with GDPR. Changes include updates to General Terms and Conditions and Privacy Statement, updates take effect on 18.5.2018 (and with release of version 1.9.5 of the application).

Brief summary:

According to the GDPR, Caflou has the role of administrator and processor of personal data

From the perspective of the personal data processor, Caflou allows users to store personal data of third-party entities on the user's Caflou account. In accepting the Terms and Conditions, the user willingly agrees that he/she will not use the Caflou application in contradiction to the law. The Client (user/owner of the account in the Caflou application) continues to be the administrator. The Client is not freed of the responsibility for the processing of personal data by using the Caflou application.

Functions designated for this purpose (i.e. possible storage of personal data) are the Companies, Contacts, and Uploads features. The optional "Reason for Filing" attribute has been added to the Business and Contacts and Files functionality. In it, the party entering data may add information regarding the filing of a company/contact (e.g. purpose for filing and details on agreement with processing).

Data can be exported or deleted from Caflou. The deleted object stays in the Trash of the user’s account for 30 days, any objects can be emptied from the Trash at any time. In the next 30 days after the objects was removed from the Trash, the object is saved on a security back-up and subsequently and irreversibly deleted.

All data (including user and account data in the Caflou application) and users’ personal data are stored centrally in safe repositories. We have valid agreements with all partners. These are prominent and reliable partners. Security of data, information, and the application is described in detail in the Security section or here

We protect all data with strong security and these data are stored in safe repositories; we exclusively use an HTTPS encoded connection. For user access to the application, strong passwords are required, which are encoded and may not be retrieved; voluntary two-phase authentication is available. You will find three levels of security in the application (User log-in, User authorization for the account, User rights in the account and in objects).

From the perspective of the personal data administrator we manage a minimum of personal data (name, surname, e-mail, billing information) that are required for Caflou to function or for billing for paid accounts. All data (including Caflou user data and accounts) and user personal data are stored centrally in secure repositories. We have valid contracts with all our partners. They are important and reliable partners.

All data we have at our disposal have been entered by the user himself / herself. He / she has full access to the data from their profile and account in the application. The user can edit the data directly in the application, delete the data or delete the profile and / or delete the account. Requests for change, deletion, any information can also be sent to

No personal data is or will be used for advertising purposes. Unused data is automatically deleted.

For more information, please email us at or read the following information here: