
[SOLVED] GDPR compliance

  • Self Hosted
Osman
25 Aug, 2023, 11:19

I am wondering if Appwrite is GDPR compliant. I am self-hosting Appwrite on a server and in general find it quite difficult to get an understanding of what exactly is GDPR compliant and what is not. I noticed some Storage Region variables in the .env, being set to regions in the US, but not sure if this means that storage data would actually be processed in the US, since I'm self-hosting.

TL;DR
The user is asking if Appwrite is GDPR compliant while self-hosting it on their server. They are confused about GDPR requirements and seek pointers to understand it better. The response clarifies that self-hosted Appwrite can be made compliant by defining data collection, storage, processing, and access, and creating a privacy policy and cookie consent messages. However, the Appwrite dashboard itself is not GDPR compliant due to the use of Google Analytics cookies. The user is reminded that this is not legal advice and should seek professional advice if needed. The user also inquires about the GDPR compliance of Appwrite infrastructure, but it is mentioned that compliance extends
Osman
25 Aug, 2023, 11:23

I've been reading about compliance with GDPR as a software engineer, so I understand many things beyond Appwrite need to be done in order to be GDPR compliant. So I guess my question is more directed at the infrastructure/security of Appwrite.

ideclon
25 Aug, 2023, 12:12

If you're self-hosting Appwrite, all data should be being stored and processed on that server. As long as your server is within the EU/UK or another approved region, no data is exported.

Osman
25 Aug, 2023, 13:04

Makes sense, it is within EU.

Osman
25 Aug, 2023, 13:17

Is the Appwrite core/infrastructure then GDPR compliant?

ideclon
25 Aug, 2023, 17:13

As in, Appwrite Cloud?

D5
25 Aug, 2023, 17:43

Appwrite Cloud, not compliant for now. In self-hosting you can create apps that are compliant, since you're the one processing everything, so it's your responsibility to define what data will be collected, saved, for how long, and how it will be processed/who will have access to it, so you can create the entire framework around this, privacy policy and DPA with your users.

Note that, as I said, you can build compliant apps. That doesn't mean self-hosted Appwrite is 100% compliant, since the panel/console/dashboard still uses Google Analytics cookies, so the Appwrite dashboard will not be GDPR compliant (but your app will be, that's what matters).

Also, that doesn't mean your app will be compliant by default; you will need to elaborate a privacy policy, cookie consent messages, and other stuff needed to comply with GDPR.

Last note 😅 I'm not a lawyer, so this is just orientation and not professional advice.

Osman
25 Aug, 2023, 18:48

Okay, I think this is the answer I was looking for 😅 I'm notably confused about the ins and outs of GDPR and what it extends to etc. Just looking for some pointers, to slowly get a grasp of it all, so I appreciate the answers 👍

Guille
26 Aug, 2023, 22:31

[SOLVED] GDPR compliance

ideclon
27 Aug, 2023, 01:01

Self hosted can be if your network blocks those connections to Google Analytics 👀

D5
27 Aug, 2023, 08:12

Yes, true

D5
27 Aug, 2023, 08:13

But no cookie message is shown, which is another requirement

ideclon
27 Aug, 2023, 20:05

Only if you store identifying cookies

ideclon
27 Aug, 2023, 20:06

And if the user has to register before you hold any data about them, you can put it in the privacy policy

D5
27 Aug, 2023, 20:28

It will store session cookies, so they're identifying cookies. Consent isn't needed, but you should show a pop-up saying you will store essential cookies because they're essential to login 😆
