From fa6fe0d950fe25e431a576f8b74a729fe92dc2c5 Mon Sep 17 00:00:00 2001 From: Chiziaruhoma Ogbonda Date: Thu, 18 Jun 2026 13:57:08 +0100 Subject: [PATCH 1/3] docs: Add GDPR compliance page for Serverpod Cloud --- docs/08-deployments/02-gdpr-compliance.md | 19 +++++++++++++++++++ .../custom-hosting/_category_.json | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 docs/08-deployments/02-gdpr-compliance.md diff --git a/docs/08-deployments/02-gdpr-compliance.md b/docs/08-deployments/02-gdpr-compliance.md new file mode 100644 index 00000000..b8674bc8 --- /dev/null +++ b/docs/08-deployments/02-gdpr-compliance.md @@ -0,0 +1,19 @@ +--- +sidebar_label: GDPR compliance +description: Serverpod Cloud hosts your data in Frankfurt on Google Cloud and Neon, a GDPR-compliant foundation backed by SOC 2 and ISO-certified infrastructure. +--- + +# GDPR compliance + +Serverpod Cloud projects are hosted in Frankfurt on Google Cloud Platform, which gives your project a strong foundation for GDPR compliance. Google LLC is an active participant in the EU-U.S. Data Privacy Framework. + +Your data is stored in Frankfurt through Neon, which complies with the GDPR framework. + +## Certifications + +Serverpod has not yet been certified to ISO or SOC 2 standards. The underlying infrastructure providers that store and run your data are certified: + +- Google Cloud Platform holds SOC 2, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 certifications. +- Neon holds SOC 2, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 certifications. + +For the full list of certifications, see [Google Cloud compliance](https://cloud.google.com/compliance) and [Neon security](https://neon.com/security). diff --git a/docs/08-deployments/custom-hosting/_category_.json b/docs/08-deployments/custom-hosting/_category_.json index e4d06ea7..62455110 100644 --- a/docs/08-deployments/custom-hosting/_category_.json +++ b/docs/08-deployments/custom-hosting/_category_.json @@ -1,5 +1,5 @@ { "label": "Custom hosting", - "position": 2, + "position": 3, "className": "sidebar-icon-custom-hosting" } From 66488c0883b97f4c38157f09d018ddc048d9a6fa Mon Sep 17 00:00:00 2001 From: Chiziaruhoma Ogbonda Date: Thu, 18 Jun 2026 14:01:08 +0100 Subject: [PATCH 2/3] docs: Move GDPR page to the end of the Deploy section --- .../{02-gdpr-compliance.md => 03-gdpr-compliance.md} | 0 docs/08-deployments/custom-hosting/_category_.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename docs/08-deployments/{02-gdpr-compliance.md => 03-gdpr-compliance.md} (100%) diff --git a/docs/08-deployments/02-gdpr-compliance.md b/docs/08-deployments/03-gdpr-compliance.md similarity index 100% rename from docs/08-deployments/02-gdpr-compliance.md rename to docs/08-deployments/03-gdpr-compliance.md diff --git a/docs/08-deployments/custom-hosting/_category_.json b/docs/08-deployments/custom-hosting/_category_.json index 62455110..e4d06ea7 100644 --- a/docs/08-deployments/custom-hosting/_category_.json +++ b/docs/08-deployments/custom-hosting/_category_.json @@ -1,5 +1,5 @@ { "label": "Custom hosting", - "position": 3, + "position": 2, "className": "sidebar-icon-custom-hosting" } From 6cf9e9ddb0dedeb14ee9a47d5bce1958c4675f5f Mon Sep 17 00:00:00 2001 From: Chiziaruhoma Ogbonda Date: Thu, 18 Jun 2026 14:57:50 +0100 Subject: [PATCH 3/3] docs: Update GDPR compliance documentation for clarity and completeness --- docs/08-deployments/03-gdpr-compliance.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/docs/08-deployments/03-gdpr-compliance.md b/docs/08-deployments/03-gdpr-compliance.md index b8674bc8..aa3d818a 100644 --- a/docs/08-deployments/03-gdpr-compliance.md +++ b/docs/08-deployments/03-gdpr-compliance.md @@ -1,19 +1,10 @@ --- sidebar_label: GDPR compliance -description: Serverpod Cloud hosts your data in Frankfurt on Google Cloud and Neon, a GDPR-compliant foundation backed by SOC 2 and ISO-certified infrastructure. +description: Serverpod Cloud stores your data in Frankfurt on Google Cloud and Neon, giving your project a strong foundation for GDPR compliance. --- # GDPR compliance -Serverpod Cloud projects are hosted in Frankfurt on Google Cloud Platform, which gives your project a strong foundation for GDPR compliance. Google LLC is an active participant in the EU-U.S. Data Privacy Framework. +Serverpod Cloud stores your data in Frankfurt on Google Cloud Platform, which gives your project a strong foundation for GDPR compliance. Your database runs on Neon, which also stores your data in Frankfurt. Google LLC is an active participant in the EU-U.S. Data Privacy Framework. -Your data is stored in Frankfurt through Neon, which complies with the GDPR framework. - -## Certifications - -Serverpod has not yet been certified to ISO or SOC 2 standards. The underlying infrastructure providers that store and run your data are certified: - -- Google Cloud Platform holds SOC 2, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 certifications. -- Neon holds SOC 2, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 certifications. - -For the full list of certifications, see [Google Cloud compliance](https://cloud.google.com/compliance) and [Neon security](https://neon.com/security). +Hosting your data in the EU is only part of GDPR compliance. You are still responsible for ensuring that your own service meets the requirements of the GDPR, including how you collect, process, and handle your users' personal data.