Flexera Trust Center

Legal Statements

Last Updated: 2026-05-28

CVEs

Flexera publishes a CVE list for known vulnerabilities in our products and services.

Schrems II Statement

Following the recent ruling of the Court of Justice of the European Union in the matter of Case C-311/18 “Schrems II”, and upon considering further advice and guidance from supervisory authorities and having regard to recommendation 01/2020 of the European Data Protection Board (EDPB) on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.

Flexera has conducted a review of its systems, processes, and operations and has assessed the level of risk involved in transferring customer Personal Data outside of the European Economic Area (EEA), specifically transfers to the United States of America.

At this time Flexera has taken the view, having regard to the very limited categories of Personal Data that it processes on behalf of its customers, the total absence of sensitive/special category personal data, the fact that it has not to date received any request for information from any government body or agency within the USA, and having regard to the very limited circumstances in which such Personal Data is accessed outside of the EEA, that the measures currently in place are both appropriate and adequate.

Flexera recognizes that this area is rapidly changing and will continue to closely monitor and respond to any developments as they arise. For further information about this please contact Legal@Flexera.com.

Brexit Statement

Flexera has been preparing for the UK’s exit from the EU since the 2016 Referendum.

As a software company, the impact of Brexit on Flexera’s customer relationships is expected to be minor.

We recognise that from January 1 2021 the United Kingdom will no longer be a member of the European Economic Area (EEA) and will for the purposes of the General Data Protection Regulations 2016 (GDPR) become a ‘third-country’ with the benefit of an interim adequacy decision.

We have been monitoring this situation and will be taking the following steps:

From January 1 2021 Flexera Software GmbH shall become Flexera Software Limited and Flexera Software LLC’s appointed representative within the EU for the purposes of Article 27 GDPR.
Data transfers between the United Kingdom to the EEA will continue as normal.
We will continue to monitor developments over the coming months and will take the necessary actions to minimise the impact to our operations and to ensure our customers are not affected.

We do not anticipate that any of the measures outlined above will adversely impact any of our customers.

If you do have any concerns about this please contact Legal@Flexera.com.

We will continue to monitor any developments in this area and provide updates as necessary.