Q: GDPR compliant?
Hi there, I see that your company is based in Barcelona, so you should already be subject to the GDPR. But I don't find anything on your website regarding GDPR.
As a potential customer from EU, I’d like to confirm a few details to ensure full compliance:
Do you provide a Data Processing Agreement (DPA) in line with Article 28 GDPR?
Where exactly are user data and documents stored (country/region)?
Do you use any sub-processors located outside the EU/EEA?
What technical and organizational measures are in place to ensure the security of personal data?
Thanks a lot in advance for your clarification!
Miquel_GetInvoice
Apr 30, 2025A: Hey! Thanks for the question :)
You're absolutely right, we’re based in Barcelona, Spain, and fully subject to the GDPR.
We do provide a DPA that outlines our responsibilities and obligations as a data processor. This agreement is available upon request for users who require it.
All user data is stored within the European Union, specifically in AWS Spain. This ensures data residency within the EEA.
In cases where we use a sub-processor is based outside the EU/EEA we ensure that they have safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
For security, we've completed a CASA Tier 2 security audit, and also independently implement a range of technical and organizational measures, including (but not limited to) end-to-end encryption (in transit and at rest), role-based access controls, regular security audits and vulnerability assessments and data minimization and strict access logs as some examples.
Hope this answers your questions :)