GDPR Compliance
Last updated: January 9, 2026
100% EU Data Residency
All Skemya data is stored exclusively in European Union data centers. We never transfer your data outside the EU, ensuring full GDPR compliance by design.
Our Commitment to GDPR
As an EU-based company, Skemya is fully committed to the General Data Protection Regulation (GDPR). We have implemented comprehensive measures to ensure your data is protected and your privacy rights are respected.
Data Infrastructure
Data Centers
EU-based data centers in Germany and France with SOC 2 and ISO 27001 certifications.
No Data Transfers
Data never leaves the EU. No reliance on SCCs or other transfer mechanisms.
Encryption
AES-256 encryption at rest, TLS 1.3 in transit. Keys managed with HSM.
Backups
Daily encrypted backups with point-in-time recovery, all within EU.
Data Subject Rights
We provide tools to help you fulfill data subject requests:
- •Right to Access: Export all personal data in machine-readable format (JSON, CSV).
- •Right to Rectification: Update personal data through account settings or API.
- •Right to Erasure: Delete all data with one click, including backups within 30 days.
- •Right to Portability: Download complete data export in standard formats.
- •Right to Object: Opt out of non-essential processing at any time.
Data Processing Agreement
All customers can sign our standard Data Processing Agreement (DPA) which includes:
- • Standard Contractual Clauses (SCCs) for additional protection
- • Detailed list of sub-processors
- • Technical and organizational measures
- • Data breach notification procedures
- • Audit rights
Sub-processors
We use a limited number of GDPR-compliant sub-processors, all based in the EU:
| Provider | Purpose | Location |
|---|---|---|
| OVHcloud | Cloud infrastructure | France (EU) |
| Hetzner | Database hosting | Germany (EU) |
| Bunny CDN | Content delivery | EU-only nodes |
Contact Our DPO
For GDPR-related inquiries, contact our Data Protection Officer: