# Data Residency
## Overview
Amondo processes and stores data in accordance with applicable data protection and privacy regulations, including the UK and EU General Data Protection Regulation (GDPR). Our approach ensures that all personal and customer data is handled lawfully, securely and with appropriate safeguards regardless of where it is processed.
## Data storage and processing locations
Where possible, all core platform infrastructure and supporting services are hosted within the European Economic Area (EEA). This includes the storage of customer data, platform configuration and analytics information.
In certain cases, Amondo may use trusted third-party providers located outside the EEA. When this occurs, appropriate transfer mechanisms are applied to ensure compliance with GDPR requirements.
These safeguards include:
* Use of EU Standard Contractual Clauses (SCCs) or their UK equivalents
* Hosting and processing only with providers that maintain ISO 27001 or SOC 2 certification
* Periodic reviews of third-party data processing locations
## Sub-processors
Amondo engages carefully selected third-party service providers (“sub-processors”) to support the delivery and operation of the platform. Each sub-processor is contractually required to implement appropriate technical and organisational measures to protect customer data and comply with the UK and EU GDPR.
Where data is processed or transferred outside the EEA or the United Kingdom, Amondo ensures that appropriate safeguards are in place, such as the use of EU Standard Contractual Clauses (SCCs) or their UK equivalents.
### Current sub-processors
| Sub-Processor | Location | Services | Transfer Mechanism (if required) |
| ------------------------------ | -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| **Airtable** | United States | Storage and processing of structured data (used for managing project information, content tracking, or operational workflows). | Standard Contractual Clauses |
| **Amazon Web Services (AWS)** | Ireland | Storage of data (hosting of a dashboard through which data may be accessed for content curation purposes; hosting of user-generated textual content). | – |
| **Cloudflare** | Global | Security (prevention of malicious activity) and data retrieval (ensuring files are quickly accessible to users). | Standard Contractual Clauses |
| **Cloudinary** | European Union, United States, United Kingdom, Singapore | Storage and distribution of data to user devices. | Standard Contractual Clauses |
| **Individual sub-contractors** | European Union or United Kingdom | Assistance with content curation and moderation. | – |
| **Luamp** | Germany | Storage and distribution of data to user devices. | – |
| **Paperform** | United States | Collection and temporary storage of data via online forms. | Standard Contractual Clauses |
| **PostHog** | European Union | Product analytics and tracking of user interactions with the platform. | – |
| **Postmark** | United States | Transactional email delivery (sending system-generated emails that may contain personal data). | Standard Contractual Clauses |
| **Zapier** | United States | Workflow automation and integration between connected services. | Standard Contractual Clauses |
## Data transfer safeguards
All transfers of personal data outside the EEA or UK are governed by legally recognised mechanisms ensuring equivalent levels of data protection. These include Standard Contractual Clauses and, where applicable, the UK Addendum. Amondo periodically reviews sub-processor compliance and the adequacy of these mechanisms.
## Customer content
Customer-generated or uploaded content is stored and served from locations optimised for performance, with preference for EEA-based storage and delivery networks. Content caching and distribution via global CDNs (such as Cloudflare) is limited to what is necessary for service operation and performance.
## Compliance
Amondo’s data residency practices are designed to meet the requirements of:
* The UK Data Protection Act 2018
* The EU and UK GDPR (including Article 46 on cross-border data transfers)
* Industry-recognised standards such as ISO 27001
For information on how Amondo collects and processes personal data, see our [Privacy & Cookie Policy](https://www.amondo.com/privacy-cookie-policy).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.amondo.com/trust-and-compliance/data-residency.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.