Data Residency - Sovereignty & Compliance

8 min read

Data Residency & Sovereignty

Version 1.2 | Last Updated: January 2025

Where your data lives. ClientFlow stores all data in the European Union (Frankfurt, Germany) to ensure GDPR compliance and data sovereignty for European customers.

Data Location Summary

| Data Type | Primary Location | Backup Location | Provider |
|---|---|---|---|
| Database | Frankfurt, Germany | Helsinki, Finland | Hetzner |
| Files | EU Regions | Global (EU preference) | Cloudflare R2 |
| Application | Frankfurt, Germany | N/A (stateless) | Hetzner VPS |
| Frontend | Global CDN | Primary: Frankfurt | Vercel |

Key Points

  • EU Data Residency: All customer data stored in EU (Frankfurt)
  • GDPR Jurisdiction: EU data protection laws apply
  • No US Storage: Primary data NOT stored in USA
  • Standard Contractual Clauses: Protect any non-EU transfers

Why Data Residency Matters

Regulatory Compliance

  • GDPR (EU): Storing in EU = automatically compliant
  • KVKK (Turkey): EU storage acceptable (adequate protection)
  • HIPAA (USA): No location requirement if secure

Data Sovereignty

  • Protected by GDPR (strongest data protection globally)
  • No US CLOUD Act access to EU-stored data
  • No warrantless surveillance (requires EU court order)

Geographic Redundancy

Your data is replicated across two EU locations for disaster recovery:

  • Primary: Frankfurt, Germany (active)
  • Secondary: Helsinki, Finland (standby replica)
  • Replication: Real-time (<1 second lag)
  • Failover: Automatic (<5 minutes)

Distance: ~1,200 km between datacenters protects against regional disasters while maintaining low latency (~20ms).

Sub-Processor Locations

| Sub-Processor | Location | Data Type | Safeguards |
|---|---|---|---|
| Hetzner | Germany (EU) | All data | GDPR (EU law) |
| Cloudflare | EU (primary) | Files | SCCs, DPA |
| iyzico | Turkey | Payment tokens | SCCs, KVKK |
| Resend | USA | Email address, name | SCCs, DPA |

Schrems II Compliance

ClientFlow implements supplementary measures for any USA transfers:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Data Minimization: Only transfer necessary data
  • Pseudonymization: IP addresses anonymized in logs
  • Contractual: SCCs with indemnification clauses

Data Export

Export your data at any time via Dashboard → Settings → Privacy → Export Data:

  • Formats: JSON, CSV, PDF
  • Contents: All client records, payments, appointments, files, audit logs
  • Delivery: Download link via email within 1 hour

Contact

Data Residency Questions: dpo@clientflow.center

EU-Only Hosting Request: sales@clientflow.center


Read time: ~8 minutes | Audience: IT Security, Compliance Officers
