GDPR Compliance

The General Data Protection Regulation gives you control over your data. Here's how we comply and what it means for you.

Last updated: July 4, 2025

What GDPR means for you

GDPR is a European law that gives you control over your personal data. As a European company, we've built our platform with GDPR at its core.

  • You own your data, not us
  • You can access, correct, or delete it anytime
  • We must tell you what we collect and why
  • We need your consent for marketing
  • We must protect your data properly

Your GDPR rights

Right to access

Request a copy of all personal data we hold about you. We'll provide it within 30 days in a readable format.

Request your data →

Right to rectification

If any of your data is incorrect or incomplete, you can ask us to fix it. Most data can be updated directly in your dashboard.

Update in dashboard →

Right to erasure

Also known as the "right to be forgotten". Request complete deletion of your account and all associated data.

Available in account settings

Right to portability

Export your data in a machine-readable format to transfer to another service. Includes all your applications and configurations.

Export tools in dashboard

Right to object

Object to certain types of processing, like marketing. You can opt out of all non-essential communications in your settings.

Manage in notification settings

Right to restriction

Ask us to limit how we process your data in certain circumstances, such as while disputing data accuracy.

Contact us →

Legal basis for processing

GDPR requires us to have a legal reason for processing your data. Here's ours:

Contract performance

Most processing is necessary to provide the services you've signed up for.

  • • Account management and authentication
  • • Application deployment and hosting
  • • Billing and payment processing
  • • Customer support

Legitimate interests

Some processing helps us run our business without harming your rights.

  • • Security monitoring and fraud prevention
  • • Service improvements and analytics
  • • Essential service communications

Consent

We ask for your explicit consent for:

  • • Marketing emails and newsletters
  • • Non-essential cookies
  • • Third-party integrations you enable

Legal obligations

Sometimes we must process data by law:

  • • Tax records and invoicing
  • • Legal compliance and court orders
  • • Anti-money laundering checks

How we protect your data

Technical measures

  • • Encryption in transit and at rest
  • • Regular security audits
  • • Access logging and monitoring
  • • Vulnerability scanning
  • • Secure development practices

Organizational measures

  • • Limited access on need-to-know basis
  • • Employee privacy training
  • • Data processing agreements
  • • Regular privacy reviews
  • • Incident response procedures

International data transfers

Your data stays in Europe

All primary data processing happens in the Netherlands. We minimize international transfers and when necessary, we ensure appropriate safeguards:

  • Infrastructure: All servers in EU data centers
  • Sub-processors: We use Standard Contractual Clauses when required
  • Your repositories: GitHub/GitLab/Bitbucket access follows their GDPR compliance

How long we keep your data

Active account data

As long as you're a customer

Your account, applications, and configurations

After account deletion

30 days

Complete removal from production systems

Backup retention

90 days

Automated backup purging after account deletion

Legal records

As required by law

Tax records (7 years), legal holds (varies)

Third-party processors

We carefully select partners who meet our privacy standards. All have appropriate data processing agreements:

Service Purpose Location
Stripe Payment processing EU/US (SCC)
Scaleway Infrastructure France
UpCloud Infrastructure EU
GitHub/GitLab/Bitbucket Repository access Various (user choice)

Updates to GDPR practices

We continuously improve our privacy practices. When we make significant changes:

  • • We'll notify you via email and dashboard
  • • Changes won't reduce your existing rights
  • • We'll explain what changed and why
  • • You can always review past versions