Q: GDPR & LGPD Compliance — Servers & DPA
Hello,
I plan to use FlowyTeam with EU/EEA and Brazilian data. I understand you would process team and client data on your servers — so you’re the processor and I’m the controller (GDPR Art. 4).
Could you please confirm:
1. Where are your servers located?
2. Do you have a DPA?
3. If your servers are outside the EU/EEA, do you apply SCCs or an adequacy decision?
4. Any guidance for LGPD (Brazil)?
Thanks!
Dirks_FlowyTeam
Aug 6, 2025
A: Server Location
Our servers are hosted with Amazon Web Services (AWS) in US East (N. Virginia), United States. AWS provides a secure infrastructure with industry-leading certifications such as SOC 2, ISO 27001, and more.
Data Processing Agreement (DPA)
Yes, we do offer a Data Processing Agreement (DPA) upon request.
If you’d like a copy, we can provide the DPA and typically have it signed within 5 business days after receiving your requirements.
International Data Transfer Safeguards
Since our servers are located outside the EU/EEA, we ensure lawful data transfers by:
Implementing Standard Contractual Clauses (SCCs) as approved by the European Commission, and based on AWS’s compliance frameworks, which align with EU data protection standards.
Additional Security Measures
Beyond legal safeguards, we implement strict technical and organizational measures, including:
Encryption in transit and at rest,
Role-based access controls,
Routine security assessments, and
Ongoing monitoring of compliance requirements and data protection standards.
LGPD (Brazil)
As a data processor, we support our clients in meeting LGPD obligations by applying the same security, transparency, and accountability principles that we use for GDPR compliance.