GDPR

Appwrite is compliant with the European General Data Protection Regulation (GDPR). GDPR is an EU regulation that concerns data privacy and security in the European Union and the European Economic Area.

By attesting that Appwrite is GDPR compliant, we have done the following.

  • Appwrite users will retain access to their personal information including the right to correct and delete it.

  • Impose the same rules upon the organization's sub-processors who assist in providing Appwrite's services as described in the Terms of Service (“ToS”).

  • Appwrite will notify users promptly about policy changes and/or data breaches.

You can learn more in our Privacy policy and Cookie policy. You can also reach us at privacy@appwrite.io for more questions.

Appwrite has also implemented the following security measures to achieve technical compliance.

  • Appwrite implements a multi-layered security approach, integrating centralized IAM (Identity and Access Management) to regulate access to production resources.

  • Cloud security processes are employed for provisioning, configuring, monitoring, and accessing cloud resources. Changes in production environments follow a controlled process using Infrastructure as Code (IaC).

  • Industry-standard encryption protocols like TLS/SSL safeguard data transmitted over networks. Additionally, data stored in databases and file storage is secured using techniques like AES encryption. Key rotations are performed at regular intervals to ensure data security.

  • Appwrite performs regular security audits at the application and infrastructure layers to ensure compliance with industry-leading security standards and practices. Periodic vulnerability scans are also conducted on software dependencies and packages to mitigate against CVEs.

DPA

A DPA, or Data Processing Agreement, is a contract between a data controller and data processor concerning the rights and obligations of both parties when processing personal data.

This agreement describes how Appwrite and sub-processors handle, secure, and transfer data, as well as outline rights and obligations of both Appwrite and you or your company when personal data is processed.

You can find and sign a DPA in your organization's Settings > Download DPA document.

Project settings screen

Project settings screen

Please note that while Appwrite Cloud serves as a GDPR-compliant platform to handle data, it is the responsibility of developers to ensure that their application is also compliant with CCPA regulations.