FAQ: Data Protection and Privacy

This article answers frequently asked questions about data protection and privacy.

Q: Is Future Demand GDPR compliant and built with data protection in mind?
A: Yes. We treat data protection as a core feature of our platform. We adhere to a strict interpretation of GDPR and follow “privacy by design” principles in every development step. We have a Data Protection Officer and a documented privacy management system; all team members are regularly trained and sensitized on data privacy. 

Q: Will you sign a Data Processing Agreement (DPA) with us?
A: Absolutely. Our standard Service Agreement includes a GDPR-compliant DPA (Auftragsverarbeitung) to formalize our role as a processor. In this DPA we commit to all required safeguards – for example, we only process personal data on your documented instructions and implement strict technical and organizational measures (TOMs) to protect your data. These measures (annexed in the contract) cover things like pseudonymization of personal data, access controls, encryption, and timely deletion of data at your request or upon contract termination. You can review our DPA and TOMs in our terms.

Q: Do you share our data with anyone else or use it for other purposes?
A: No. Your data stays your data. We do not share your organization’s data with other clients or third parties, and we never sell personal data. We use your data solely to provide and improve the services for you, as agreed. Even any industry-level insights or benchmarks we offer are based on highly aggregated, anonymous data that cannot be traced back to you or any individual. In short, we will only use your data for the purposes you authorize, and never in a way that would compromise your privacy or confidentiality.

Q: Do you use our data to train your algorithms or AI models?
A: We do use data to train predictive models, but in a privacy-preserving way. This means our machine learning models learn from your data to tailor results to your audiences. Moreover, we train our algorithms on pseudonymized or anonymized datasets – not raw personal details. We aggregate or mask personal identifiers at the earliest possible point, so the algorithms see only anonymized patterns and trends. As a result, our AI can deliver accurate predictions while ensuring individual people remain unidentifiable in the training process.

Q: Are the audience “Taste Clusters” you provide based on personal data?
A: No – our Taste Clusters are built to be privacy-friendly. These clusters are derived from pseudonymized, aggregated data about audience behavior and preferences, without any personally identifiable information. In practice, we group consumers by similar tastes (e.g. listening habits) without including names, emails, or any individualized profiles. This means the insights are statistical and cannot be traced back to any single person. In fact, our Taste Clustering approach is more privacy-preserving than most traditional customer segmentation methods that often rely on personal or demographic attributes. By design, all data we use for clustering is anonymized before any cross-client analysis is done, ensuring no specific customer’s identity can be discerned. So you get rich audience insights while your customers’ privacy remains protected.

Q: What personal data does Future Demand require, and do you minimize data collection?
A: Future Demand strictly practices data minimization, requiring only essential data like a customer ID (which can be hashed). We avoid sensitive personal details (race, religion, health data) entirely; in some cases we even block the delivery of such sensitive personal data points. While contact and behavioral data may be used, unnecessary information is deleted whenever possible. Email addresses or raw customer IDs may occasionally be required for certain operational tasks (e.g., exporting lists), but these are never used in analytics or model training.

Q: Is data in the platform anonymized or pseudonymized?
A: Yes, we employ both pseudonymization and anonymization techniques. For day-to-day processing, personal data is often pseudonymized – meaning we replace identifying fields (like names or emails) with artificial IDs or tokens so that individuals are not identifiable without a separate lookup key. This allows us to link data points for analysis (e.g. connecting a customer’s purchases) while keeping the actual identity shielded. Whenever we combine data for broader insights or share aggregated metrics, we anonymize it first. Anonymization goes a step further to irreversibly strip or aggregate data so that no individual can be re-identified. The bottom line: any personal data you entrust to us is transformed in a way that protects privacy, ensuring no unauthorized person could recognize an individual in the dataset.

Q: Where is our data stored and processed?
A: All personalized data stays within the European Union. We host our platform on secure cloud infrastructure in Europe – primarily in Germany. Our main hosting provider is Amazon Web Services (AWS) in its EU data centers (e.g. in Frankfurt). For supporting our internal business operations we also use trusted sub-processors like Microsoft (for cloud services) and HubSpot (for support tickets), all located in the EU or covered by EU data protection safeguards. We do not transfer your personal data to any country outside the EU. Keeping data in-region helps ensure compliance with European privacy laws and gives you the performance benefits of a local data center.

Q: How is our data secured in your platform?
A: We take security very seriously and implement multiple layers of protection for your data:

  • Secure Infrastructure: Personal data is stored and processed in our own private cloud network (virtual private subnet) that’s isolated from public access. Our servers are hardened and sit behind enterprise-grade firewalls.

  • Encryption: All data in transit is encrypted using up-to-date SSL/TLS protocols. (For example, when data is uploaded or accessed via the platform, it’s always over HTTPS.) We also encrypt personal data at rest in our databases.

  • Access Control: We enforce a strict need-to-know policy. Only a small number of authorized Future Demand team members can access personal data, only to support you and only for the time necessary. Access requires strong authentication (including hardware token 2FA) for our employees.

  • Organizational Measures: We have regular security training for staff and maintain up-to-date security policies. Our development and test environments use dummy/anonymized data – never real personal data – to ensure separation of environments. We also perform regular data backups and can restore systems quickly to ensure resilience against data loss.

In summary, we use state-of-the-art security practices to guard your data against unauthorized access or breaches, combining technical safeguards with strict internal policies.

Q: Will Future Demand help us fulfill data subject requests (e.g. if one of our customers asks to have their data deleted or exported)?
A: Yes, absolutely. As a processor, we are committed to assisting you (the data controller) in meeting your GDPR obligations toward individuals. If one of your customers exercises their rights – such as the right to access their data or the right to be forgotten – we will help you by retrieving, correcting, or deleting the relevant data in our platform as needed, promptly and in full. In practice, you can send us a request to delete or export a particular person’s data, and we will carry that out without undue delay and confirm once completed. We have internal procedures in place for handling such requests to ensure they are executed securely and in compliance with the law. Remember that we will only act on your instruction in these matters (since you control the data), but rest assured we’ll do everything necessary on our end to comply with any valid data subject request.

Q: What happens to our data if we stop using Future Demand or our contract ends?
A: We don’t keep your data longer than we should. If you decide to terminate the service, our DPA guarantees that we will delete or return all personal data we processed for you, as you prefer. Upon contract termination, we will securely erase your personal data in accordance with data protection requirements. All of this will be done promptly and we can provide written confirmation once the data is purged.