A: Hi Claudia,

Thank you for reaching out and for your interest in FlowyTeam. We’re glad to hear you’re considering activating your account!

To clarify your questions regarding GDPR and data protection:

1. Server Location
Our servers are physically hosted in AWS US East (N. Virginia), United States. We utilize Amazon Web Services (AWS) infrastructure, which adheres to strict industry standards and certifications such as SOC 2, ISO 27001, and others.

2. Data Processing Agreement (DPA)
Yes, we do offer a signed DPA for customers who require one. Our DPA includes:

Scope and purpose of data processing

Categories of data processed (e.g., names, email addresses, user activity)

Subprocessor arrangements (including AWS)

Security measures

Data subject rights

Retention and deletion policies

Breach notification procedures

We can usually provide a finalized DPA within 10 business days upon receiving your requirements.

3. International Data Transfer Safeguards
Although our servers are outside the EU, we maintain legal mechanisms for international data transfers:

We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

AWS, as our subprocessor, complies with these clauses and maintains a robust compliance framework.

We also implement additional security measures such as encryption at rest and in transit, access controls, and regular security reviews.

We’re committed to full GDPR compliance and take data privacy seriously. Please feel free to share your DPA requirements or let us know if you need assistance with documentation for LGPD or any other compliance framework.