GDPR compliance.

Last updated: 12 June 2026

Nitrosend complies with the EU General Data Protection Regulation (GDPR). This page covers both sides of that: how we meet our obligations as your data processor, and how the platform helps you meet yours as a data controller.

Our role: data processor

When you upload contacts to Nitrosend, you are the data controller and we are the data processor. We process your contact data solely on your documented instructions, to deliver your emails and provide analytics. We never sell your contact data or use it for our own purposes, and we never share it with third parties to train their AI models. Human access is limited to least-privilege support and security operations.

How we meet GDPR processor obligations

How Nitrosend helps you stay compliant

GDPR compliance for email marketing mostly comes down to consent, transparency, and honouring requests quickly. The platform handles the mechanics:

Frequently asked questions

Do I need a DPA with Nitrosend?

If you're subject to GDPR and upload personal data of EU residents, yes: Article 28 requires a written agreement with your processors. Email [email protected] and we'll sign one.

Is my data stored in the EU?

No, data is hosted on AWS in the United States under Standard Contractual Clauses. EU data residency isn't available today; if it's a hard requirement for you, tell us, as customer demand sets our infrastructure roadmap.

Is Nitrosend SOC 2 certified?

In progress. See the SOC 2 page for the honest status.

Contact

GDPR questions, DPA requests, or vendor reviews: [email protected]. The full legal detail lives in our privacy policy.