Our Commitment to Data Protection
We take data protection seriously. Here's an overview of how we handle your personal and business data.
Data Storage
All data is stored in EU-based data centers (Frankfurt, Germany) with full encryption at rest (AES-256) and in transit (TLS 1.3).
GDPR Compliance
We are fully GDPR compliant. Key measures include:
- Data Processing Agreement (DPA): Available for download and electronic signature
- Right to Access: Export all your data at any time from Settings → Privacy
- Right to Deletion: Request complete data deletion via Settings → Privacy → Delete Account
- Data Portability: Export your data in standard formats (JSON, CSV)
- Breach Notification: We notify affected users within 72 hours of any data breach
Sub-Processors
We use a limited number of sub-processors, all of which are GDPR compliant:
| Processor | Purpose | Location |
|---|---|---|
| AWS (Frankfurt) | Cloud hosting | EU |
| Stripe | Payment processing | US (EU-US DPF) |
| Postmark | Transactional email | US (EU-US DPF) |