Privacy and Security in

This page outlines's key security and privacy information. Whether you're looking to kick off a new project with, or curious about how works with your existing project, read on to see how can help protect you and your users.

Data Protection Support for GDPR

On May 25th, 2018, the EU General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive. Digita is committed to helping our customers succeed under this privacy regulation, whether they are large software companies or independent developers.

The GDPR imposes obligations on data controllers and data processors. customers typically act as a "data controller" for any personal data or information about their end-users they provide to Digita in connection with their use of

Digita generally operates in any scenario as a "data controller" and, in some cases, as a "data processor". Digita is a "data controller" in the sense that it is responsible for determining the means of processing for individual accounts for end-users. Digita is a "data processor" when it provides the Connect service. In this case, Digita processes user data on behalf of Digita's customer.

Data Processing and Security Terms

In the case that customers use Connect, Digita is generally a data processor under GDPR and processes personal data on their behalf. The terms include Data Processing and Security Terms detailing these responsibilities.

is getting certified under major privacy and security standards

ISO and SOC compliance

All services are going through the ISO 27001 and SOC 2 evaluation process. Soon, compliance reports and certificates for services governed by the Terms of Service may be requested via [email protected].

| Service name | ISO 27001 | SOC 2 |
| --- | --- | --- |
| WebID | Expected August 2023 | Todo |
| Store | Expected August 2023 | Todo |
| Authentication | Expected August 2023 | Todo |
| Authorisation | Expected August 2023 | Todo |
| Browser | Expected August 2023 | Todo |
| Connect | Expected August 2023 | Todo |

International data transfers

The Privacy Shield frameworks provided a mechanism to comply with data protection requirements when transferring EEA, UK or Swiss personal data to the United States and onwards. In light of the Court of Justice of the European Union ruling on data transfers, invalidating the EU-U.S. Privacy Shield, has moved to reliance on Standard Contractual Clauses for relevant data transfers, which, as per the ruling, can continue to be a valid legal mechanism to transfer data under the GDPR. The European Commission approved new versions of the Standard Contractual Clauses on June 4, 2021, which we are incorporating into our contracts with customers for relevant data transfers.

We are committed to having a lawful basis for data transfers in compliance with applicable data protection laws.

Data storage and processing locations

relies on the infrastructure of DigitalOcean and Auth0. At DigitalOcean, relies on servers that are hosted in Amsterdam (NL). At Auth0, relies on servers that are hosted in Europe.

Security information

Encryption

encrypts data in transit using HTTPS and logically isolates data per customer.

The infrastructure providers encrypt all data at rest by default.

Security practices

To keep personal data safe, Digita employs extensive security measures to minimise access:

  • Only a few Digita employees have access to personal data
  • Only employees who have enabled two-factor authentication have access to personal data

For more insight into our security practices, email [email protected]. We are happy to provide you with audit reports and similar documentation.

Contact us

Reach out to [email protected] if you have any specific questions related to data protection, security and privacy.

The content of this page is a derivative of the Google Firebase Privacy and Security Information, which is licensed under the Creative Commons Attribution 4.0 License.