GDPR and Cozy Cloud

The General Data Protection Regulation is a new, European-wide law. 

It provides individuals with new rights in relation to how your personal data is collected, used and stored and provides new rules for organisations on how to handle personal data.

Why now? In almost three decades, the WEB has deeply changed its first purpose and the General Data Protection Regulation (GDPR) is coming into effect to fix it. 
And Cozy Cloud? Since its creation, Cozy is based on the same values that have brought this new regulation to its application: give you back control of your personal data and the power to use them in a space that belongs to you. We did not wait for the GDPR to implement them and protect your personal data.
As proof, the essence of our commitments has remained intact with the application of this new law.

What changes for our Cozy users? More precisions on your new rights. 

    • Right to data portability: One of the first strong engagement “You will stay because you can leave” makes even more sense today
    • Right to be informed: We’ve reworded our privacy policy including our third-party contractors to make it easier to understand what personal data we collect, how we collect and process the data, and for what purposes. 
    • Right to control: Cozy has always been designed to provide each individual with a digital solution that he or she controls: self-hosting free software that protects every personal data. We have reinforced with a label of trust for the applications that will be available on the marketplace. Feel free to accept or refuse which data they use.

GDPR comes true! Our Terms of Service have been updated and are going into effect on May 25, 2018 to all our Cozy users. 

Want to read the full policy? Check it out here!

If you have any questions regarding our new privacy policy and our new terms of services, you can send at this special email

Read more about Data Portability 

Article 20. Right to data portability

  • 1.   The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  • (a)    the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • (b)    the processing is carried out by automated means.
  • 2.   In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • 3.   The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • 4.   The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Still need help? Contact Us Contact Us