GDPR compliance
Zaeo & GDPR: Supporting EU data rights
We designed Zaeo to meet the strict requirements of the General Data Protection Regulation for controllers and processors.
This page explains our approach, responsibilities, and tools that help your organization stay compliant.
Shared responsibility
We partner with you to protect customer data
Zaeo acts as both a processor and a controller, depending on the data flows involved in your deployment.
- Data processing agreements (DPAs) available for all customers.
- Role-based access ensures only authorized personnel interact with EU personal data.
- Sub-processor list and audit reports accessible through our trust center.
Data subject rights
Supporting access, rectification, and deletion requests
We provide tooling and services to help you respond quickly to requests from GDPR data subjects.
Built-in workflows
Admins can submit and monitor requests directly within the Zaeo dashboard.
- Automated fulfillment timers with audit trails
- Export data in machine-readable formats
- Delegated access for regional privacy teams
Support from experts
Our privacy specialists collaborate with your legal counsel on complex scenarios.
- 24-hour acknowledgment of incoming requests
- Regional data residency configuration help
- Optional managed privacy services
International transfers
Protecting EU data abroad
We offer data residency choices and safeguards when transfers are required.
- Primary infrastructure in EU regions with failover in privacy-compliant locations.
- Standard contractual clauses (SCCs) executed with all sub-processors.
- Encryption and access controls prevent unauthorized disclosure during transit.