Q: GDPR: "So we have not marketed GDPR compliance. We will look into this! We may actually be!"
So, when?
Thanks.

Danielle_BrandBay
Edited Oct 16, 2025
A: Hello! I would like the answer to the same question as well 😅... The main reason why we have been quiet about this is because of all of the complexity of the laws surrounding GDPR and the USA data laws.
I would think many people who have researched into some of these compliance laws have essentially seen a big hole between the USA and the EU with compliance. We are a USA-based company, multiple of the hosting providers are USA owned, multiple databases are stored in the USA... So as a direct result you have a conflict because of the USA's Cloud Act and GDPR policies that conflict with one another by simply being involved with America in any way it seems. There is provisioning for EU PII data to be stored in non-EU countries (as long as you have equal security and privacy standards to the GDPR policies), so this should be no problem, except for the USA compliance. There is a deep loop of politics surrounding this subject that is likely not best for this thread...
So can we say that we are GDPR compliant?
I will say this, all of the hosting providers that we use are major companies that have these high standards of security and privacy in deployment, however with this conflict of international policies... can we actually publicly say that we are fully GDPR compliant if any of our hosting providers ever have to comply with other compliance laws?
So, we have chosen to simply sit quiet on this one until international policies can get settled out and we will simply follow high industry standards caring for your data and privacy.
We will not sell your data to 3rd parties, we will not share your data with unauthorized 3rd parties, and if you have any specific questions you are more than welcome to contact us directly... but what larger companies have to deal with in terms of how they stand in compliance with other countries (AWS, Digital Ocean, etc.) in the midst of all of this international data law compliance complexity, I believe is beyond what we as founders have much say or ability to do much about.
Other founders might market themselves as being GDPR compliant, but then they would not be compliant for the USA. So many consumers can look at a website and basically look for an EU-GDPR badge, but they may actually be out of compliance with a large percentage of the world or may not even be compliant with the GDPR and they are not being truthful with that banner or claim...
We are a USA owned company, even if we went with 100% EU hosting, someone could make an argument that we would be out of compliance regardless...
We choose to be truthful in everything that we do. That is simply what is right. We are not going to wave a GDPR banner and try to profit off of that (when the lines are not clear at the moment with international policies) and not base things in truth.
We will simply go forward in excellence and do our best to care for our users and stand in compliance with everyone the best way that we can, stay true, and focus on what we are supposed to be doing... building very solid products that help people!
So... If you are a digital agency, freelancer, marketing team, or simply need to have a clean place to store your branding assets in a presentable manner, then BrandBay is here to help you streamline your workflows, save time, and make great client/customer experiences! 😃
Please feel free to reach out if you have any other questions at support@brandbay.io or join our Zeru Apps community to speak with the team and stay up to date with what we are doing! https://go.zeruapps.com/e/community