Q: GDPR Compliance – EU-Based Business

I’m a small business owner based in Germany and considering using Encharge for email automation. Before moving forward, I have a few GDPR-related questions:
1. Data Hosting
– Where is user data stored (AWS region)?
– Do you provide Standard Contractual Clauses (SCC)?
– Can we sign a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR?
– Do you work with any sub-processors or external vendors for handling data?
2. Double Opt-In (DOI)
– Can Encharge support GDPR-compliant DOI flows?
– Is confirmation tracking (e.g. timestamp or tag) possible?
3. General Compliance
– Any guidance or docs for EU users?
– Do you set any tracking cookies or link trackers by default?

For context: we only collect names and email addresses – no sensitive data.

Thanks in advance for your help!

flinker.affe | PLUS | Apr 16, 2025
Founder Team
David_Encharge

Apr 16, 2025

A: Hi flinker.affe 👋

Thank you for the thoughtful and thorough GDPR-focused questions — really appreciate how clearly you laid everything out 🙌 Here’s a full breakdown for you:

1. Data Hosting & Compliance
• Data Hosting: All user data is hosted securely on Amazon Web Services (AWS), specifically in the EU (Frankfurt region).
• Standard Contractual Clauses (SCCs): Yes, we provide SCCs as part of our compliance documentation for international data transfers.
• Data Processing Agreement (DPA): Absolutely. You can sign a DPA with us in accordance with Art. 28 GDPR. This is available to all Encharge customers — just shoot us an email at support@encharge.io and we’ll get you set up.
• Sub-processors: Yes, like most SaaS tools, we do rely on a small number of carefully vetted sub-processors (like AWS, Mailgun for email delivery, etc.). You can request the full up-to-date list via support — we’re transparent about who we work with and why.

2. Double Opt-In (DOI)
• Yes, Encharge supports GDPR-compliant DOI. You can create a fully custom DOI flow using our visual automation builder. For example:
  • A person submits a form,
  • You send a confirmation email,
  • Only upon clicking the confirmation link does the person get added to your active list or receive emails.
• Confirmation tracking: Yes, you can track this using tags (like “DOI Confirmed”) or even store timestamps in custom fields if you want to get extra precise. Many of our EU customers use this exact setup.

3. General GDPR & EU Compliance
• Docs/Guidance: Apologies, we don’t have a dedicated GDPR whitepaper (yet). I'll note that down and share it with the team so we can begin looking at how we could do this in the near future!
• Cookies/Trackers: Encharge does not set tracking cookies or link trackers by default. You can choose to enable page visit tracking or use custom UTM rules — but it’s 100% optional and requires explicit implementation on your end. So you’re in control here ✅

Since you're only collecting names and emails — and you’re already thinking ahead to DOI and lawful basis — you’re in a great spot to stay GDPR compliant with Encharge 💪

Let me know if you'd like us to send over the DPA or sub-processor list directly — or if you want help setting up your DOI flow inside the app. Happy to help!!
