Why EU Teams Need a European Loom Alternative

Async Video Became Infrastructure Without Anyone Noticing

Something shifted over the past few years. Screen recordings went from a nice-to-have to a core part of how distributed teams communicate. Product demos, bug reports, onboarding walkthroughs, design reviews — async video replaced a huge number of meetings that could have been, well, recordings.

If your team is remote or hybrid, there's a good chance someone recorded a screen capture today. The question most EU teams haven't asked yet: where did that recording actually end up?

The Jurisdiction Problem

Take a look at the async video market. Loom, Vidyard, Screencastify, Berrycast — nearly all of them are US companies running on US cloud infrastructure (primarily AWS and GCP). Even when a provider says they have "EU data centers," the parent company is still subject to US law.

For a lot of software categories, this is a nuisance but manageable. For video, it's a fundamentally different problem.

Video Is Biometric Data

Under GDPR, video recordings of people fall into a special category. Article 4(14) defines biometric data as personal data resulting from specific technical processing relating to physical characteristics — like facial images — that allow unique identification. Article 9 gives this data elevated protection.

Every time someone records a product walkthrough with their camera on, that recording contains biometric data. It's not just a file. It's a special category of personal data under EU law, and it demands a higher standard of care.

Schrems II and the CLOUD Act

In 2020, the Court of Justice of the EU struck down the EU-US Privacy Shield in the Schrems II ruling. The core finding: US surveillance law is fundamentally incompatible with EU data protection rights.

The US CLOUD Act makes this concrete. It compels US companies to hand over data to US authorities regardless of where the servers physically sit. An AWS region in Frankfurt doesn't help if the company operating it is headquartered in San Francisco.

The EU-US Data Privacy Framework adopted in 2023 attempts to bridge this gap, but it faces the same structural challenge its predecessors did. The underlying US surveillance authorities haven't changed. Legal scholars and privacy advocates expect another challenge, and the framework's long-term stability is uncertain.

For teams handling biometric video data, relying on a legal framework with a track record of being invalidated is a real operational risk.

What a Genuine EU Solution Looks Like

Slapping "GDPR compliant" on a marketing page isn't enough. A video tool that genuinely solves the jurisdiction problem needs several things working together:

EU-owned infrastructure. Not just EU-located servers operated by a US parent company, but infrastructure owned and operated by EU entities not subject to the CLOUD Act.

Open source code. Privacy claims are only as trustworthy as they are verifiable. If you can't read the code, you're trusting a privacy policy — which is a legal document designed to protect the vendor, not you.

Self-hosting option. For teams with strict compliance requirements, the only way to fully control data residency is to run the software on your own infrastructure. That means the tool needs to be designed for self-hosting from day one, not bolted on as an afterthought.

No vendor lock-in. Your recordings should be yours. Standard formats, exportable data, no proprietary containers.

GDPR compliance by architecture. Not by policy addendum or DPA negotiation, but by how the system is built. Data minimization, purpose limitation, and deletion capabilities baked into the technical design.

SendRec: Built for This Problem

SendRec is an open-source async video platform built specifically for EU teams. Here's the technical reality:

• Hetzner Cloud in Germany — a German company founded in 1997, not subject to US jurisdiction
• AGPLv3 licensed — full source code available, auditable by anyone
• Self-hostable via Docker Compose — a single docker-compose up gets you running on your own infrastructure
• Go backend + React frontend — straightforward stack, easy to understand and contribute to
• MinIO for object storage — S3-compatible, self-hosted, no external cloud dependency
• PostgreSQL — standard database, no proprietary data layer

The managed version runs at app.sendrec.eu with all data staying on EU infrastructure. But the point is that you don't have to trust us — you can read every line of code and run it yourself.

This Isn't Just About Compliance

Compliance matters, but this is also about something simpler: control. When your team's async communication lives on infrastructure you don't control, governed by laws you didn't vote for, you've outsourced a critical piece of your operations to a jurisdiction that may not share your values around data protection.

EU teams deserve tools built with EU principles. Not adapted for them. Built for them.

Try It

SendRec is free to use on the managed platform and free to self-host.

• Try it free: app.sendrec.eu
• Self-host or contribute: github.com/sendrec/sendrec

If your team has been putting off the "where do our recordings actually live?" conversation, now's a good time to have it.