International Data Transfer Policy

Keeptrusts is operated from Barcelona, Spain (European Economic Area). We may transfer personal information across borders to provide the service. This page describes our approach to international data transfers and the safeguards we apply.

When transferring personal information from the European Economic Area, the United Kingdom, or Switzerland to countries that do not benefit from an adequacy decision by the European Commission, Keeptrusts relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the primary transfer mechanism.

Keeptrusts monitors developments in international data transfer frameworks, including the EU-US Data Privacy Framework, and will update its transfer practices as appropriate when new adequacy decisions, frameworks, or guidance become effective.

In addition to contractual protections, Keeptrusts applies technical and organizational measures to protect transferred data, including encryption in transit, encryption at rest, role-based access controls, and audit logging.

Enterprise customers can configure regional hosting and data residency controls within the platform. Customers with specific data sovereignty requirements should contact sales for a tailored deployment plan.

For questions about international transfers or to request a Data Processing Agreement, contact privacy@keeptrusts.com.