GDPR Compliance for EU Clients - Server Location?

Question

Hello kiwilaunch team,\u000a\u000aI\u0027m a French lawyer considering kiwilaunch for client bookings. Before purchasing, I need GDPR clarifications as law firms face strict data protection obligations and attorney\u002Dclient privilege requirements.\u000a\u000aKey questions:\u000a\u000a1. Where are EU users\u0027 data physically hosted? EU/Switzerland or US?\u000a\u000a2. Do you provide a GDPR\u002Dcompliant DPA for EU clients?\u000a\u000a3. If data transfers occur outside EU, do you use EU Commission\u002Dapproved SCCs (2021)?\u000a\u000a4. Who are your hosting subprocessors and where are they located?\u000a\u000a5. Is data encrypted at rest and in transit?\u000a\u000aAs a lawyer bound by absolute confidentiality, data location is critical. Your Privacy Policy (June 2022) mentions UK GDPR but doesn\u0027t specify server location or EU client guarantees.\u000a\u000aCould you clarify before I proceed with purchase?\u000a\u000aThank you.\u000a\u000aBest regards,

Orkun_kiwilaunch · Answer

Hello,\u000aLet me try to answer all:\u000a\u000a1. Where are EU users\u0027 data physically hosted? EU/Switzerland or US?\u000aAws London servers.\u000a2. Do you provide a GDPR\u002Dcompliant DPA for EU clients?\u000aYou probably can interpret better, but as per the advice we got, we and you are both Data processor. We have our data processing agreement with you, but as per our guidance, you need to append your own dpa to your privacy policy. \u000a3. If data transfers occur outside EU, do you use EU Commission\u002Dapproved SCCs (2021)?\u000aYour data is strictly hosted in our UK instance. We don’t transfer. Please don’t use the Google analytics integration as it does user tracking and we can’t ensure.\u000aJust to clarify, we made kiwi app GDPR compliant,  but kiwilaunch.com and the intercom used for in\u002Dapp support is not covered. We tried to enable your compliance. \u000a\u000a4. Who are your hosting subprocessors and where are they located?\u000aWe use AWS. But if you use Stripe or PayPal for receiving online payments, we can’t guarantee compliance from their side.  Similar witg Google Calendar integrationz\u000a\u000aWe have chatgpt integration but it is only for drafting service descriptions not for processing anything related to bookings or customers.\u000a\u000a5. Is data encrypted at rest and in transit?\u000aIt is not encrypted. \u000a\u000aSince UK was our launch market, we had to spend more resources on this, but our last external guidance was received 18 months ago. \u000aSo if you are aware of any more recent changes from the last period, you can ask them specifically.\u000aHope these help.

pfieloux · Answer

Thank you for your detailed response. Unfortunately, it doesn't meet our compliance standards. It's a shame, as it looks like a great product.

If you'd like a more detailed explanation, feel free to reach out at https://fieloux.com/contact/
Philippe

kiwilaunch

Share kiwilaunch

Choose a plan

Related questions