
GDPR at Couchdrop

In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and came into effect on 25 May 2018.

GDPR aims to make data protection regulations more relevant, comprehensive and unified.

GDPR is a significant change but opens the opportunity for companies and organizations to audit their current data processing and storage actions and to ensure their customers are adequately protected.

For customers, it brings demonstrated compliance, enhanced rights and privacy of data by design. One major enhanced right is the right to obtain and reuse personal data across multiple services, as well as the right of deletion of personal data.


How does Couchdrop align with GDPR?

As Couchdrop handles sensitive, personal and company data, Couchdrop and the team take GDPR and other security compliance and processes seriously. Couchdrop understands that, given the sensitive nature of data, its transfer and storage rely not only on maintaining relevancy in security principles and governance, but also on building trust with its customers to ensure peace of mind.

Couchdrop has ensured the following is in place to align the company and its processes with GDPR:

  • Updated Privacy Notice and Terms and Conditions to be GDPR compliant, as well as more concise and transparent about how we process personal data.
  • Staff Education on the Couchdrop infrastructure and processes to ensure all staff understand GDPR, are compliant, and can raise risks and concerns should an area of concern be identified.
  • Data Breach Alerting: Couchdrop is armed with a rapid response email and announcement to fall in line with GDPR, so that in the rare event that a breach is noted, communications can be sent out quickly.
  • Infrastructure and internal processes now fall in line with GDPR.
  • We have included the Standard Contractual Clauses in our Data Processing agreement and outlined our approach to data transfers in our whitepapers.

Just because Couchdrop has done the above does not mean it will stop there. The team at Couchdrop will continue to modify its processes, update you and remain relevant across the security governance spectrum to continue to meet your needs and those of the wider world.


How can I sign Couchdrop's Data Processing Agreement?

Since both the Couchdrop SFTP and Movebot products use datacenters in the USA to store metadata, it is a requirement that EU/UK companies sign our Data Processing Agreement.

All you have to do is sign and return the agreement: GDPR Data Processing Agreement

Frequently Asked Questions

Where do Couchdrop and Movebot store customer data?

As Couchdrop is a SaaS provider, Couchdrop uses Amazon Web Services and Digital Ocean as its compute engine, as well as S3 and Wasabi storage for those who choose to use Couchdrop as their hosted storage option. Should you choose a third-party cloud storage provider, Couchdrop does not maintain or hold GDPR responsibility for data stored there. For more information on AWS's approach to GDPR, see https://aws.amazon.com/compliance/gdpr-center/

When transferring data with a Couchdrop service such as SFTP or another method of Couchdrop transport, all data is processed in memory and overwritten immediately as new data is processed. Therefore, unless you have chosen to store data within Couchdrop hosted storage, no data processed by Couchdrop is physically stored and the only remaining evidence is metadata that can be located within the audit log of your my.couchdrop.io portal.

Will Couchdrop be storing EU customer data in the EU?

Couchdrop provides the ability to bring your own storage that can be based in the EU, or, if opting for Couchdrop's hosted storage, you can choose your desired region, such as Frankfurt. All data processing will take place within Couchdrop's EU presence unless otherwise agreed or should a presence in the EU not be available. Couchdrop's database, where metadata (found in the audit log) is stored, is located in the USA; it is fully encrypted, and information such as filenames is not accessible in plain text. It is possible for Couchdrop to provide a fully redundant EU instance for customers on an enterprise plan.

Couchdrop ensures that it complies with EU data export restrictions when it exports data outside of the EU.

Will Movebot be storing EU customer data in the EU?

Movebot stores metadata and configuration for migrations outside the EU zone in the USA. Files and folders being migrated are only stored temporarily in memory and you can choose the region that this data is stored in.

Couchdrop ensures that it complies with EU data export restrictions through its DPA, which must be signed before using Movebot.

How will Couchdrop comply with EU data export restrictions?

When personal data is hosted or processed outside of the European Union Area by Couchdrop, GDPR requires that it remains protected by appropriate safeguards in line with EU law.

Both Couchdrop and Movebot store metadata in the USA. Since the USA is no longer recognized by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU, business customers must sign our Data Processing Agreement that includes the Standard Contractual Clauses detailing data transfers outside the EU.

Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?

Since Couchdrop and Movebot are transferring and storing metadata in the USA, if you are an EU/UK-based company, you must sign our DPA and return it to us before using the service.

Our presigned DPA can be found at https://www.couchdrop.io/hubfs/privacy/latest/gdpr_dpa_unsigned.pdf

Couchdrop Third Parties

Couchdrop uses a range of third parties to help us provide you with a great service and to assist us with communication, infrastructure and understanding your needs better. See below for a list of third parties that Couchdrop uses.


| Product | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud Infrastructure Service Provider | United States |
| Microsoft Azure | Cloud Infrastructure Service Provider | United States |
| Digital Ocean | Cloud Infrastructure Service Provider | United States |
| Vultr | Cloud Infrastructure Service Provider | United States |
| Wasabi | Cloud Storage Service Provider | United States |
| Datadog | Infrastructure Monitoring Provider | United States |
| Stripe | Billing and Payment provider | United States |
| PayPal | Billing and Payment provider | United States |
| Xero | Billing and Payment provider | New Zealand |
| Mailchimp | Electronic Direct Mail and Campaign manager | United States |
| HubSpot | CRM | United States |
| Google Analytics | SEO and Web analyzing and data reporting tool | United States |
| Zendesk | Ticket and Incident Management tool & CRM | United States |
| Make (formerly Integromat) | Third party integrator tool for business processes | United States |
| Trevor | Third party Analytics and Reporting | Germany |
| Sentry | Third party Monitoring and Logging | United States |
| MongoDB Atlas | Data Services | United States |