A: Thank you for your important question — we’re happy to clarify our data storage and GDPR compliance approach.

🇺🇸 Server Location

Currently, Dialora’s core infrastructure is hosted in the United States, through our partners such as Twilio, Deepgram, OpenAI, and other cloud providers. However, we have taken several measures to ensure full compliance with EU GDPR regulations.

✅ Compliance Measures in Place
1. Standard Contractual Clauses (SCCs)
• All of our subprocessors (including Twilio and OpenAI) have implemented Standard Contractual Clauses, approved by the European Commission, to legally transfer personal data outside the EU in compliance with GDPR Article 46.

2. EU Entity Processing
• For example, OpenAI processes EU customer data via OpenAI Ireland Ltd. This ensures that data protection obligations are overseen by an EU-based entity, further aligning with GDPR jurisdictional requirements.

3. Data Minimization & Encryption
• We apply data minimization principles, and all data in transit and at rest is encrypted using modern industry standards (TLS 1.2+/AES-256).

4. User Control
• Dialora supports key GDPR rights such as data access, deletion, portability, and processing consent. You can request data removal or export at any time by emailing [email protected].

6. Planned EU Hosting (Optional for Agencies)
• For large agencies with over 30 European clients or enterprise clients requiring exclusive EU hosting, we are exploring optional EU-based deployments or private cloud instances. If that is a requirement, please contact us to discuss a custom solution.

Summary
While our primary infrastructure is US-based, we are fully aligned with GDPR Article 46 via SCCs, DPAs, and robust privacy controls. We’re committed to offering secure, lawful, and ethical processing of EU data.

If you’d like a signed copy of our DPA or a full list of subprocessors and safeguards, feel free to reach out to [email protected] or visit https://www.dialora.ai/legal-compliance