<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=348068&amp;fmt=gif">
Couchdrop Cloud SFTP logo Couchdrop
Features/Product |
Cloud Storage - SFTP Gateway
Turn Dropbox into a SFTP server. Couchdrop works with your storage

Users and Access Controls
Configure additional users, read only accounts and complex permissions

Developer Friendly
Learn about our API, webhooks and integrations

Virtual Data Room
The data room includes an upload/download portal, secure links and other features
to help clients send you data

Customisable and Enterprise Ready
Dedicated instances, whitelabelling and enterprise security features

Security Center
Security Overview GDPR Compliance HIPAA Compliance Frequently Asked Questions
Pricing |

GDPR at Couchdrop

In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and came into effect on 25 May 2018.
GDPR aims to make data protection regulations: more Relevant, Comprehensive and Unified.
GDPR is a significant change but opens the opportunity for companies and organizations to audit their current data processing and storage actions and to ensure their customers are adequately protected.
For the benefit of the customer it shows, demonstrated compliance, enhanced rights and privacy of data by design. One major enhanced right is the right to obtain and reuse personal data across multiple services, as well as the right of deletion of personal data.

How does Couchdrop align with GDPR?

As Couchdrop handles sensitive, personal and company data, Couchdrop and the team take GDPR and other security compliance and processes seriously. Couchdrop understands that the sensitive nature of data, its transfer and storage rely on maintain relevancy in both security principles and governance, but also to building trust with its customers to ensure a peace of mind.
Couchdrop has ensured the following is in place to align the company and its processes with GDPR;
  • Updated Privacy Notice and Terms and Conditions to be GDPR compliant, as well as more concise and transparent about how we process personal data.

  • Staff Education on the Couchdrop infrastructure and processes to ensure all staff understand GDPR and are compliant and can raise risk and concern should an area of concern be identified.

  • Data Breach Alerting, Couchdrop is armed with a rapid response email and announcement to fall in line with GDPR, so that on a rare chance a breach is noted, communications can be sent out in a quick manner.

  • Infrastructure and internal processes now fall in line with GDPR.

  • The way Couchdrop handles and stores data falls in line with GDPR and Safe Harbor data protection means.

Just because Couchdrop has done the above, does not mean it will stop there. The team at Couchdrop will continue to modify, update you and remain relevant across the security governance spectrum to continue to meet yours, and the wider worlds needs.

Frequently Asked Questions

Where does Couchdrop store customer data?
As Couchdrop is a SaaS provider, Couchdrop uses Amazon Web Services and Digital Ocean as it’s compute engine, as well as S3 and Wasabi storage for those who choose to use Couchdrop as your hosted storage option. Should you choose a third-party cloud storage provider, Couchdrop does not maintain or hold GDPR responsibility for data stored here. For more information on AWS’s approach to GDPR, see https://aws.amazon.com/compliance/gdpr-center/
When transferring data with a Couchdrop service such as SFTP or another method of Couchdrop transport, all data is processed in memory and overwritten immediately as new data is processed. Therefore, unless you have chosen to store data within Couchdrop hosted storage, no data processed by Couchdrop is physically stored and the only remaining evidence is metadata that can be located within the audit log of your my.couchdrop.io portal.
Will Couchdrop be storing EU customer data in the EU?
Couchdrop provides the ability to bring your own storage that can be based in the EU, or if opting for Couchdrop's hosted storage you can choose your desired region, such as Frankfurt. All data processing will take place within Couchdrop's EU presence unless otherwise agreed or should a presence in the EU not be available. Couchdrop's database where metadata (found in the audit log) is stored is located in the USA and where this is fully encrypted and information such as filenames is not accessible by plain-text. It is possible for Couchdrop to provide a fully redundant EU instance for customers on a enterprise plan.
Couchdrop ensures that it complies with EU data export restrictions when it exports data outside of the EU.
How will Couchdrop comply with EU data export restrictions?
When personal data is hosted or processed outside of the European Union Area by Couchdrop, GDPR requires that it remains protected by appropriate safeguards in line with EU law.
Our EU customers' data is processed in Europe unless a different point of presence has been chosen. Should Couchdrop's EU presence not be available, Couchdrop will default to the next closest available region which could be the USA. United States is recognized by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. Couchdrop additional ensures "appropriate safeguards" are in place that are prescribed by GDPR – i.e., by entering the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
Is Couchdrop signed up to Privacy Shield?
Couchdrop is a New Zealand-headquartered company, with an infrastructure presence in the United States of America – we are not a US-headquartered company. Privacy Shield is only one of a few available mechanisms to transfer data outside of the EU, and certification against the Privacy Shield is not a legal requirement. We otherwise rely on a combination of options to ensure that Couchdrop and data maintains compliance with EU data export rules.
Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?
The Couchdrop Data Processing Addendum is found https://couchdrop.io/privacy/gdpr/processing-addendum. You don't need to sign it - it automatically applies as part of the Couchdrop Terms and Conditions whenever it is relevant to your use Couchdrop’s services and solutions.

Couchdrop Third Parties

Couchdrop uses a range of third parties to help us provide you with a great service and to assist us with communication, infrastructure and understanding your needs better. See below for a list of third parties that Couchdrop uses.
Amazon Web Services
Cloud Infrastructure Service Provider
United States
Microsoft Azure
Cloud Infrastructure Service Provider
United States
Digital Ocean
Cloud Infrastructure Service Provider
United States
Cloud Storage Service Provider
United States
Infrastructure Monitoring Provider
United States
Billing and Payment provider
United States
Billing and Payment provider
United States
Billing and Payment provider
New Zealand
Electronic Direct Mail and Campaign manager
United States
United States
Google Analytics
SEO and Web analyzing and data reporting tool
United States
Ticket and Incident Management tool
United States
Third party integrator tool for business processes
United States
Third party Analytics and Reporting
United States