Data Residency - Sovereignty and Compliance
Data Residency & Sovereignty
Version 1.2 | Last Updated: January 2025
Where your data lives. ClientFlow stores all data in the European Union (Frankfurt, Germany) to ensure GDPR compliance and data sovereignty for European customers.
Data Location Summary
| Data Type | Primary Location | Backup Location | Provider |
|---|---|---|---|
| Database | Frankfurt, Germany | Helsinki, Finland | Hetzner |
| Files | EU Regions | Global (EU preference) | Cloudflare R2 |
| Application | Frankfurt, Germany | N/A (stateless) | Hetzner VPS |
| Frontend | Global CDN | Primary: Frankfurt | Vercel |
Key Points
- EU Data Residency: All customer data stored in EU (Frankfurt)
- GDPR Jurisdiction: EU data protection laws apply
- No US Storage: Primary data NOT stored in USA
- Standard Contractual Clauses: Protect any non-EU transfers
Why Data Residency Matters
Regulatory Compliance
- GDPR (EU): Storing in EU = automatically compliant
- KVKK (Turkey): EU storage acceptable (adequate protection)
- HIPAA (USA): No location requirement if secure
Data Sovereignty
- Protected by GDPR (strongest data protection globally)
- No US CLOUD Act access to EU-stored data
- No warrantless surveillance (requires EU court order)
Geographic Redundancy
Your data is replicated across two EU locations for disaster recovery:
- Primary: Frankfurt, Germany (active)
- Secondary: Helsinki, Finland (standby replica)
- Replication: Real-time (<1 second lag)
- Failover: Automatic (<5 minutes)
Sub-Processor Locations
| Sub-Processor | Location | Data Type | Safeguards |
|---|---|---|---|
| Hetzner | Germany (EU) | All data | GDPR (EU law) |
| Cloudflare | EU (primary) | Files | SCCs, DPA |
| iyzico | Turkey | Payment tokens | SCCs, KVKK |
| Resend | USA | Email address, name | SCCs, DPA |
Schrems II Compliance
ClientFlow implements supplementary measures for any USA transfers:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Data Minimization: Only transfer necessary data
- Pseudonymization: IP addresses anonymized in logs
- Contractual: SCCs with indemnification clauses
Data Export
Export your data at any time via Dashboard → Settings → Privacy → Export Data:
- Formats: JSON, CSV, PDF
- Contents: All client records, payments, appointments, files, audit logs
- Delivery: Download link via email within 1 hour
Contact
Data Residency Questions: dpo@clientflow.center
EU-Only Hosting Request: sales@clientflow.center
Read time: ~8 minutes | Audience: IT Security, Compliance Officers
Related Documents
GDPR Compliance - Data Protection Guide
How ClientFlow ensures GDPR compliance for your client data
Security White Paper - Encryption and Data Protection
Comprehensive security architecture, compliance, and best practices
HIPAA Considerations - Healthcare and Therapy
Using ClientFlow securely for healthcare and therapy practices