Data Protection and Data Recovery

Data Protection and Data Recovery

Data Protection

ApprovalMax processes personal data as both a Data Controller and Data Processor, as defined in the Directive and the General Data Protection Regulation (GDPR). We are a Data Controller with regard to the client information we process for our own purposes, and we are a Data Processor with regard to all information clients upload to our systems, platforms or software. 

You may request a Data Processing Agreement (DPA) to govern our processing relationship by contacting our Customer Success team

All your personal information is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. 


Data Recovery

All information you upload in our app is stored in a database in a secure data centre in Microsoft Azure. 

ApprovalMax utilises the built-in Microsoft Azure backup service and performs two types of backups:
  1.  Full backups of all customer data are done daily
  2.  Incremental backups are done every 10 minutes
Backups are stored using the built-in Microsoft Azure data storage.

The recovery of customer data is done using the built-in Microsoft Azure capabilities. In a disaster event, backed up data will be made available to users within 6-12 business hours.


For questions related to information security, please refer to our Security Portal.

    • Related Articles

    • Account protection

      2-factor authentication ApprovalMax provides a 2-factor authentication mechanism to protect users from account takeover attacks. Account takeover protection ApprovalMax protects our users against data breaches by monitoring and blocking brute force ...

    • Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

      If you are from the European Economic Area (EEA), the ApprovalMax Limited legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we ...

    • Data encryption

      Encryption in transit All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS 1.2). Encryption at rest All our user data (including passwords) is encrypted using ...

    • Retention of Data

      ApprovalMax will retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are ...

    • Disclosure of Data

      Business Transactions: If ApprovalMax is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy. For ...