Compliance & Data Privacy

BURQ is committed to safeguarding the confidentiality, integrity, and availability of personal data processed as an Integration Platform as a Service (iPaaS). We design our services to support our customers’ compliance with global privacy laws, the EU General Data Protection Regulation (GDPR), and other applicable frameworks. This section outlines BURQ’s role, responsibilities, and controls as a Data Processor.

Data Roles

BURQ supports a clear separation of responsibilities in line with GDPR:

  • Data Subjects: Individuals within the EU/EEA whose personal data is processed.
  • Data Controllers: BURQ’s customers, who determine the purpose and means of data processing.
  • Data Processor: BURQ, which processes personal data solely on behalf of and under the instructions of the Data Controller (the customer).

BURQ enforces internal controls to ensure personal data is only accessible to authorized personnel and that all actions taken as a Processor are auditable, secure, and fully traceable.

GDPR Compliance Overview

BURQ acts as a Data Processor when customers use our platform to transfer or transform data between connected systems. Our customers (Data Controllers) determine the purpose and legal basis of the data processing, while BURQ only processes data on their documented instructions.

BURQ does not access, own, or modify the data for any purpose beyond what is necessary to operate the platform. Our platform is designed with privacy-by-default principles, enabling customers to meet their GDPR obligations.

To formalize the obligations between BURQ and each customer, a Data Processing Agreement (DPA) is incorporated. The DPA outlines our respective responsibilities regarding:

  • Scope and purpose of processing
  • Security measures 
  • Breach notification timelines
  • Sub-processor management 
  • Support for data subject rights
  • International data transfer mechanisms

In the event of a conflict between the DPA and any other agreement, the DPA takes precedence regarding data protection terms.

Subject Rights Management

BURQ provides customers with the tools and operational support to fulfill data subject rights under GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure (Right to be forgotten)
  • Right to object
  • Right to restrict processing
  • Right to data portability

Customers can initiate subject rights requests through BURQ’s support team or platform interface. As a Data Processor, BURQ assists with fulfilling these requests within the required X-day response window, including locating, retrieving, or deleting relevant data across connected systems.

BURQ does not respond directly to data subjects unless instructed in writing by the customer (the Data Controller).

Data Handling

BURQ handles data with strict controls during processing:

  • Encryption in transit: All data transmitted between systems and within the platform is encrypted using industry-standard protocols (TLS 1.2+).
  • Encryption at rest: Sensitive data stored temporarily for retries, transformations, or logs is encrypted at rest using AES-256 encryption.
  • Data retention: Personal data is only retained for the minimum time required to fulfill processing tasks. By default, transient processing data (e.g., logs, payloads) is retained for X days post-processing, after which it is securely deleted.

Customer Responsibility – Managing Your Data

As the Data Controller, you are in full control of the personal data entrusted to BURQ iPaaS. We encourage all customers to manage and submit only the data necessary to fulfill their integration use cases, in line with their privacy obligations.

To ensure the secure handling of your data throughout the integration lifecycle, please observe the following best practices:

  • Only submit personal data to BURQ connectors that are appropriate and necessary for your use case.
  • Use secure HTTPS endpoints for all integrations; plain HTTP is not supported.
  • Data transmitted through the platform is always encrypted in transit using industry-standard protocols.

These controls, combined with customer vigilance, ensure that data processed through BURQ remains secure, compliant, and purpose-bound.

Data Governance & Ownership

BURQ prioritizes data governance and data quality to ensure compliance, maintain trust, and support operational excellence across all integrations. As a Data Processor, BURQ provides the technical foundation and oversight needed for customers to manage their data reliably and securely.

  • Data Ownership: Personal data processed through BURQ iPaaS remains the sole property of the customer (the Data Controller). BURQ does not access or use customer data for any purpose outside the scope of the customer’s instructions.
  • Data Quality and Integrity: BURQ’s platform is designed to ensure the accuracy, consistency, and reliability of data as it moves between systems. By leveraging automated validation rules, transformation logic, and error handling, BURQ helps eliminate manual intervention and reduce data discrepancies across workflows. This ensures that your integrations not only remain compliant but also deliver clean, trustworthy data to downstream applications.
  • Strategic Enablement: By embedding strong data governance and quality principles into its platform, BURQ empowers IT leaders and business teams to:
    • Build trust in data shared across connected systems
    • Streamline operations with less manual effort
    • Scale integration strategies with confidence
    • Improve customer experiences through consistent and accurate data delivery
  • Governance Structure: BURQ has implemented an internal governance framework that promotes compliance, data stewardship, and quality assurance. This framework includes:
    • A cross-functional security and compliance team responsible for data protection controls, risk assessments, and audit readiness.
    • Documented processes to enforce GDPR-aligned policies on data handling, subject rights, breach response, and retention.
    • Role-based access controls, segregation of duties, and access reviews to ensure only authorized personnel can process customer data.
    • Built-in traceability and audit logs across platform actions, fostering accountability at every layer of processing.
  • Data Protection Officer: BURQ has appointed a Data Protection Officer (DPO) responsible for overseeing the organization’s compliance with data protection laws, including the GDPR. The DPO serves as the primary point of contact for supervisory authorities and ensures that BURQ’s data governance practices remain aligned with regulatory requirements and industry best practices.