Yes, there is a region selection. But GDPR is about if (and on what legal grounds) personal data is stored. Region selection is a first good indicator if a service might be used in a GDPR-compliant-way. π
For example, storing an ip address in full length is personal data.
Vercel states here vercel.com/security:
"Is Vercel GDPR compliant?
Yes. For more information, see our Privacy Policy. No data is stored permanently inside EU regions. Static assets and Serverless Functions responses can be cached in EU regions, but it is ephemeral."
But from my experience you need to state something about vercel hosting in your sites privacy statement for example. So there is more work needed to be done by the site owner. In Germany there are generators for this like datenschutz-generator.de/.
If there is a good article about GPDR-compliance & Vercel, @ all: please let me know! Guess it would be helpful. :)
Hey, thanks for your comment!
Yes, there is a region selection. But GDPR is about if (and on what legal grounds) personal data is stored. Region selection is a first good indicator if a service might be used in a GDPR-compliant-way. π
For example, storing an ip address in full length is personal data.
Vercel states here vercel.com/security:
"Is Vercel GDPR compliant?
Yes. For more information, see our Privacy Policy. No data is stored permanently inside EU regions. Static assets and Serverless Functions responses can be cached in EU regions, but it is ephemeral."
I'm not a lawyer and I haven't digged trough vercel.com/legal/privacy-policy yet.
But from my experience you need to state something about vercel hosting in your sites privacy statement for example. So there is more work needed to be done by the site owner. In Germany there are generators for this like datenschutz-generator.de/.
If there is a good article about GPDR-compliance & Vercel, @ all: please let me know! Guess it would be helpful. :)
Update, here is an example in german, it relies on the standard contract clauses (SCC): twitter.com/m_andrasch/status/1627...