GDPR compliance

  1. In what jurisdictions is Softr data processing located? Does this include CDNs?

  2. How are data deletion requests handled for Softr apps?

  3. Do apps built with Softr gather proper explicit user consent? Including not just for cookies, but for broader privacy compliance including data processing.

Thank you.

Hi @alexxlee, please have a look at the following docs. They will answer all your mentioned questions:

Could we get a straightforward GDPR FAQ to read?

Also, there are two parts to this.

  1. What does Softr do for us (your clients)?
  2. What support does Softr provide that we can leverage for our clients/users and how should we communicate our GDPR compliance?

@johntreadway GDPR is typically hard to interpret and courts even go case by case (e.g. latest case by Munich court, classifying google fonts served via google non complaint).

Back to your question: we do offer cookie consent management solution Iubenda (which has good free tier too), we do host google fonts so client doesn’t reach to google servers for fonts, our own data is stored in AWS EU servers and most importantly when it comes to data deletion you can do it from Softr and Airtable directly.

–Artur

I would add a question about data sovereignty as well – I know there’s no feature for specifying countries where data can or can’t be housed, but it might still be helpful if the FAQ stated which regions the data centers were in. (Is EU the only one?)

@Marine.Hovhannisyan Thank you, I wasn’t able to figure out the first and second questions, however. The answers are, as @johntreadway suggests, not as straightforward (as with some other platforms).

As a German company, we take data security and privacy very seriously, and we therefore keep as much data storage as possible inside the borders of the EU. The datacenter is therefore located in Germany and is SOC 1, SOC 2, and ISO 27001 certified with 24/7 operations and enterprise-grade security.

Are CDNs or other globally distributed processing/storage never in use?

For data deletion requests, how can Softr makers ensure that all stored data associated with a user is purged, in all of the places where it is cached or materialized?

1 Like

@dcoletta at Softr we use AWS eu-central (Frankfurt)

Excellent! Now when do we get active-active multi-region support? :slight_smile:

1 Like

We don’t yet put any user data into CDN e.g. when you upload image it’s still in AWS EU (Might change over time).

When it comes to user deletion, don’t think we have distribution out of our own services/aws-eu