In what jurisdictions is Softr data processing located? Does this include CDNs?
How are data deletion requests handled for Softr apps?
Do apps built with Softr gather proper explicit user consent? Including not just for cookies, but for broader privacy compliance including data processing.
@johntreadway GDPR is typically hard to interpret and courts even go case by case (e.g. latest case by Munich court, classifying google fonts served via google non complaint).
Back to your question: we do offer cookie consent management solution Iubenda (which has good free tier too), we do host google fonts so client doesn’t reach to google servers for fonts, our own data is stored in AWS EU servers and most importantly when it comes to data deletion you can do it from Softr and Airtable directly.
I would add a question about data sovereignty as well – I know there’s no feature for specifying countries where data can or can’t be housed, but it might still be helpful if the FAQ stated which regions the data centers were in. (Is EU the only one?)
@Marine.Hovhannisyan Thank you, I wasn’t able to figure out the first and second questions, however. The answers are, as @johntreadway suggests, not as straightforward (as with some other platforms).
As a German company, we take data security and privacy very seriously, and we therefore keep as much data storage as possible inside the borders of the EU. The datacenter is therefore located in Germany and is SOC 1, SOC 2, and ISO 27001 certified with 24/7 operations and enterprise-grade security.
Are CDNs or other globally distributed processing/storage never in use?
For data deletion requests, how can Softr makers ensure that all stored data associated with a user is purged, in all of the places where it is cached or materialized?
The easy way to understand GDPR is to know the 8 rights an EU citizen has & that you have the measures in place.
1 Right to be informed
2 Right of access
3 Right to rectification
4 Right to be forgotten
5 Right to restrict processing
6 Right to data portability
7 Right to object to direct marketing
8 Rights in relation to automated decision making and profiling