Q: Hi.
As you are GDPR compliant, do you offer a signed DPA?
Also, since you are different from other services, how do you achieve checking for Microsoft, if they are so restrictive? I assume you see not sending „test“-mails in those cases?
Thanks
ReoonSupport
May 14, 2024
A: Hi, thanks for the query. We take the protection of data very seriously and we strictly follow rules to ensure compliance with GDPR. A signed DPA is not available at the moment, but may be available in the future. Uploaded data get automatically deleted after a certain period (30 days) and can also be deleted immediately upon request. All of our data processing servers are situated in the US and EU and are encrypted to ensure security.
About the other question, we do not send any emails to verify addresses. Microsoft provides one of the highly restrictive email services and we took different measures to verify them. Unfortunately, we cannot share all the details regarding the verification process due to security reasons. However, a hint can be provided that the process includes a lot of well-configured servers with a lot of IP addresses.
US? This is complicated right now.
Why not use strictly your EU server only for us Europeans?
Hi, it is important that the verification servers are located in different places for better performance. We can understand your concern about the security. Now you can delete the verification files just by clicking a button after the verification. So, if you do not want to keep the data on our server, you can delete them immediately. By default, all the uploaded data get deleted after 30 days automatically.
It's almost a year since this post. Do you have a DPA available now, and can servers be selected or are they automatically selected by user location (EU user -> EU server)? Both topics are of high interest. By the way, offering a DPA is not GDPR relevant, BUT the things stated in a DPA are highly relevant. It's basically a contract guaranteeing you are compliant. You are compliant, why don't you offer one?
I'm also looking for similar information. As I see it, they're doing a lot to protect data, but I can't find proof that they are truly GDPR compliant. Hopefully there will be a clear answer to your question, best in combination with a DPA. :-)
Another EU customer: If I want to use Reoon with a WordPress form plugin to verify emails using the quick check, the email gets transferred to your server. This is only allowed if you also offer a signed DPA. Without this, your service is unusable in the EU. Could you please clarify when a DPA will be available (a pre-signed PDF download which the users print, sign, and return via e-mail)? Thanks!