GDPR

Hosting and Infrastructure

All processing activities related to our services are carried out exclusively within the territory of the European Union. Personal data is neither transferred to nor stored in third countries. The following components of our infrastructure operate solely under EU jurisdiction:

• Website hosting is performed on servers located within the European Union.
• DNS services are provided by operators established in the EU.
• Mail servers are hosted exclusively in Europe.
• Outgoing email is not routed through US‑based providers such as SendGrid, Amazon SES, Mailgun, or comparable services.
• Incoming email is not processed or filtered by non‑EU spam‑detection or scanning systems.
• No application, task processing, or background services are hosted on Amazon AWS, Microsoft Azure, Google Cloud, or any other cloud platform located outside the EU.
• No backups are stored in AWS, Backblaze, Google Cloud, or any other third‑country environment.

Website and Frontend Privacy

The website is configured to prevent the transfer of personal data to third‑country service providers. In particular:

• No Google Fonts or other externally loaded font resources are used that would transmit visitor IP addresses to the United States.
• No Google Analytics, Google Tag Manager, or comparable tracking or analytics tools are implemented.
• No Cloudflare or similar US‑based traffic‑filtering or CDN services are used; all traffic management and abuse‑prevention measures are operated on EU‑based infrastructure.
• No third‑party scripts, CDNs, or embedded resources are loaded that could result in the disclosure of personal data outside the European Union.

Email and Communication

All communication channels and support systems are operated within the European Union to ensure compliance with GDPR requirements:

• No email storage or processing occurs in Gmail, Outlook.com, Office365, or other US‑based platforms.
• No US‑based support or ticketing systems such as Zendesk, Intercom, Freshdesk, or similar services are used.
• No video‑conferencing tools operated by non‑EU providers, including Zoom, Microsoft Teams, or Google Meet, are utilised.
• All support, communication, and collaboration systems are hosted on infrastructure located within the EU.

Data Protection

Because all data processing activities take place exclusively within the European Union and no transfers to third countries occur:

• The risks identified in the Schrems II judgment are avoided.
• There is no reliance on Standard Contractual Clauses (SCCs) for international data transfers.
• No supplementary technical or organisational measures are required to compensate for third‑country transfers.
• All personal data remains continuously protected under the legal framework of the GDPR and applicable EU data‑protection legislation.