Data Processing Agreement (DPA)

Malene_Raundahl · January 27, 2025, 5:12pm

Hi Retool team and community,

We are in the process of finalizing a Data Processing Agreement (DPA) with Retool and need to clarify an important GDPR-related detail.

Could you confirm:

**Where (which country/countries) does Retool store customer data? **
Is data storage always within the EU, or does Retool also transfer/store data in the United States?
If data is stored outside the EU, what measures are in place to ensure GDPR compliance beyond Standard Contractual Clauses (SCCs)?

This information is critical for ensuring compliance with European data protection regulations, especially for public sector clients.

Looking forward to your response. Thanks in advance!

Best regards,
Malene
b-near a/s

MiguelOrtiz · January 28, 2025, 5:06pm

Hey @Malene_Raundahl, and welcome to the forum!

Just double checking if had stumbled upon these two pages:

From a quick read:

Data storage is always in the US
The DPA establishes Controllers and Processors of data as per GDPR estipulations

Hope these docs are helpful!