GDPR Information

What's the GDPR?

The GDPR sets up legal protections around personal data that originates in the EU, but applies to any company that handles the personal data of users in the EU.  Appcues is a US company, yet all of our customers with one or more end users in the EU need to ensure that each 3rd party service used (including Appcues) is GDPR-compliant in order to be GDPR-compliant themselves.
The most important protections include:
  • Right to access -- why and how we collect and use personal data
  • Right to erasure -- ability to delete data for a single user
  • Right to data portability -- ability to provide a copy of all data collected for a single user


Appcues is fully compliant with the GDPR, and is a participant in the Privacy Shield framework. You can read details about our GDPR compliance, the kinds of data we collect, and procedures to handle GDPR-related requests on our privacy page:

DPA Contract

If you'd like to ensure GDPR compliance with a contract, Appcues offers a Data Processing Addendum (DPA) with standard contractual clauses.  Please let us know if you'd like us to pass this along, by sending the name and email of the signing recipient to

We're happy to answer other questions about the GDPR, security or compliance -- please don't hesitate to contact us at