Autodesk data protection and privacy

The Autodesk Privacy Statement explains how we handle personal data, how such data can be accessed and updated, and how we protect this data when interacting with third parties. 

The Cookie Statement describes the way we use cookies, tags, and pixels in our applications. It links to a tool for users to set their cookie preferences.  

The Children’s Privacy Statement addresses how we collect, process, store, and delete children’s personal data. 

The Candidate Privacy Statement describes how we collect, process, store, and delete personal data about job applicants and prospective candidates. 

Autodesk is committed to be your trusted partner in the privacy field. To assist you in complying with your privacy obligations, Autodesk offers a Data Processing Addendum (DPA), which sets forth Autodesk’s obligations where it is a processor for personal data.

To sign a DPA with Autodesk, simply download the file, sign it, and send it to autodesk.dpa@autodesk.com.

Relevant Autodesk entities are all bound by the same privacy principles. Autodesk has adopted Binding Corporate Rules (BCRs) for controller and processor data transfers. They enable companies to transfer personal data internationally to countries that do not provide an adequate level of protection for personal data as required under the GDPR. Autodesk’s BCRs have been approved by the Irish Data Protection Commission on May 2023, and since then they are annually reviewed and renewed.

You can check the latest version of Autodesk’s BCRs here:

• Autodesk Controller BCR Policy
• Autodesk Processor BCR Policy
• BCR Frequently Asked Questions

Autodesk has self-certified and is officially part of the Data Privacy Framework (DPF). The EU-US DPF, UK Extension to the EU-US DPF, and Swiss-US DPF were respectively developed by the US Department of Commerce and the European Commission, UK government, and Swiss Federal Administration to provide US organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

You can verify the status of Autodesk’s Data Privacy Framework certification by searching for Autodesk in the official DPF website.

We are a member of the BSA | The Software Alliance and support their work advocating for public policies that improve privacy protections.

We are committed to strong privacy and security protections for customer data that is entrusted to us. 

Autodesk will continue to use Standard Contractual Clauses (SCCs), which remain valid under the recent Schrems II decision by the European Court of Justice, as a legal mechanism for transferring personal data of its customers from the EEA to the US or other applicable jurisdictions. We have recently revised our Data Processing Agreement (DPA) with the new EU Standard Contractual Clauses.

We also offer on request to customers "Supplementary Measures"–these are technical and operational measures (including encryption and review of government requests for access to data) to provide data protection controls for our data transfers from the EU. 

Autodesk has compiled a white paper (Data Transfer Whitepaper) documenting how it complies with EU data transfer requirements. 

Autodesk’s Transparency Report explains Autodesk’s policy on responding to requests for customer data by government agencies for law enforcement purposes. The report also provides statistics on the types of requests Autodesk receives and how Autodesk responds to these requests. Previous transparency reports are available below. 

January 2018 to December 2019

January 2020 to July 2020 

August 2020 to January 2021

February 2021 to January 2022 

February 2022 to January 2023

We provide a link to other important legal documents that may help you fully understand our services and rights, including our General Terms, Special Terms, Subscription Benefits, and Subscription Types. 

Autodesk also offers a Data Processing Addendum (DPA), which sets forth Autodesk’s obligations where it is a processor for personal data under the GDPR. 

We continue to meet our obligations when processing personal data, under the GDPR, which took full effect on May 25, 2018. Learn more about the measures we have taken to ensure our compliance with newer, stricter regulations.

Review our GDPR FAQs.

Select Middle East and Africa FAQs coming soon.

Several US states have enacted new or revised privacy laws including California and Virginia (as of January 1, 2023), Colorado and Connecticut (as of July 1, 2023), and Utah (as of December 31, 2023).

Review our North America FAQs.

Canada

Review our PIPEDA FAQs.

Review our Quebec Law 25 FAQs.

The LGPD, which came into effect on September 18, 2020, sets forth rules for processing data relating to individuals in Brazil. Learn more about the measures we are taking to comply with the LGPD.

Review our LGPD FAQs.

Selected other Latin America FAQs coming soon.

China’s Personal Information Protection Law (PIPL) came into effect on November 1, 2021. The PIPL creates new rules for processing information relating to individuals in China. Learn more about the measures we are taking to comply with the PIPL.

Review our PIPL FAQs.

Review our Australia’s Privacy Act and Australian Privacy Principles FAQs.

Review our Indonesia’s Data Protection Regulations (IDPR) FAQs.

Review our India’s Digital Personal Data Protection Act (DPDPA) FAQs.

Review our Korea’s Personal Information Protection Act (PIPA) FAQs.

Review our Vietnam’s Personal Data Protection Decree FAQs.