General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation from the European Union (EU) that aims to harmonize data-protection legislation across EU member states by enhancing privacy rights for individuals. It applies to organizations processing personal data that offer goods or services to individuals in the EU. It also grants EU-based data subjects certain rights to control the data that organizations collect on them, and how organizations use that information. 

At SEC, we are committed to your privacy, whether you live in the EU, or outside of it. This means we apply GDPR principles to all of our processes. We believe in having appropriate systems to ensure compliance.

Additionally, if you are purchasing SEC services, we want you to know that we take our responsibilities to protect the personal data of our community very seriously.

SEC and Data Security

SEC is committed to security by design in our products and services. Our Development and Security teams are hard at work to ensure we protect the data you entrust to us.

Information for Data Subjects

SEC users meet the GDPR definition of ‘data subjects’. The GDPR provides enhanced rights to individuals including the right to data portability and ‘the right to erasure, also known as the right to be forgotten, the right to restrict processing and the right to object.’ You have the ability to exercise these rights via our data subject access rights page where you may submit a Request or by submitting a request to And because we care about your privacy rights we make these access requests available to you whether you are in the EU or not.

SEC now makes it easy for you to request any information we store on you, to understand how that information has been collected, and to know who we have shared your information with. We’ve revised our Privacy Policy and Cookie Policy to provide more details about how we collect, use, transfer, and safeguard your information.

Information for Data Controllers (Customers)

Our business customers are data controllers when they purchase certain of our products and services. We act as processors on behalf of such Customers. Customers who wish to provide personal information to Stack Overflow when using our services will be provided with SEC’s Data Processing Agreement (SEC as Data Processor) or SEC will otherwise enter into an appropriate Data Processing Agreement (DPA). Our DPA covers what information we collect, how we treat that data when you use our products and services, and what obligations SEC assumes under Article 28 of the GDPR.

We do not partner with any third party vendors to process personal information (sub processors) for each of our services.

SEC, Inc. will accept and offer EU approved model clauses (SCCs) as a valid transfer mechanism upon request.

Should you have any questions concerning the Data Processing Agreement or SEC’s obligations, please read our Privacy Policy or contact us for further information at: