The General Data Protection Regulation (GDPR / DSGVO) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018.
ZITADEL Cloud is GDPR compliant
ZITADEL (CAOS Ltd.) is a company headquartered in Switzerland. Switzerland is a non-EU country that is recognized by the European Commission as a country with an adequate level of data protection (Adequacy).
At ZITADEL we are fully compliant with the existing GDPR regulations and provide the required technical and organizational measures to protect your personal data and those of your users.
How we process personal data
What is personal data?
GDPR is especially concerned about protecting personal data of individuals. Personal data (Art. 4 GDPR) consists of any information that allows us to identify a person directly or indirectly and can be anything such as a name, email address, credit card number, or documents with personal information.
How about sub-processors?
We require sub-processors and additional vendors to provide you with our services. All sub-processors are listed in our Trust Center. We make sure that personal data transferred outside of the EU is handled by trusted vendors that employ equivalent or stronger privacy protection guarantees, and are bound by a data processing agreement.
ZITADEL as your sub-processor
If you use our services as part of your service to end-users, we provide a data processing agreement with all relevant information.
When you use ZITADEL Cloud, you can choose between different data regions, and the data of your end-users is stored within the selected region. Additionally, we ensure that all data in transit is always encrypted. We make sure that personal data transferred outside of the EU is handled by trusted vendors that employ equivalent or stronger privacy protection guarantees, and are bound by a data processing agreement.
Always in control
As a Swiss service provider we can provide the highest degree of GDPR compliance. We rely on best-in-class global companies to provide our customers with the best possible confidentiality, integrity and availability.
We understand that you might not want to rely on our or our sub-processors' controls and measures to safely handle your personal data and that of your customers. If this is the case, we recommend that you choose to host ZITADEL on your private cloud. We can provide high-quality ZITADEL enterprise licenses that include access to our support services without accessing your data.
If you have any questions or requests, please don't hesitate to contact us.