GDPR Compliance

The General Data Protection Regulation (GDPR), which went into force in 2018, is a European Union regulation that sets various requirements around the control individuals may exercise over their data and imposes penalties for organizations that fail to comply. Read more about GDPR here.

Iris uses GDPR as our intended global standard of protection for users of our technology and services worldwide. 

This means that:


Iris follows the principle of “data protection by design and by default,” which ensures data protection is part of our design.


In accordance with GDPR rules, Iris conducts data protection assessments and has built a robust internal security policy for data protection.


Users of Iris’ platform or services generally have a transparent method to correct or update any inaccurate information they have provided. In addition, users may request that we halt the monitoring of personal information or data processing at any time.


As Iris is based in the United States, a user’s account and monitoring information may be processed outside the country where they are accessing an Iris service or product. When we transfer personal information outside the country where the user resides, we do so in compliance with applicable data protection laws. This transfer is only carried out to ensure delivery of described services.

About Obtaining, Updating, or Deleting Your Data

Iris offers a transparent method for users to obtain, update, or delete their data. 

Please see our Data Deletion Process for instructions