GDPR Compliance

Kagliostro Cloud is fully GDPR-compliant. EU data stays in the EU.

Our role

Kagliostro acts as a data processor for customer data and as a data controller for account data.

Lawful basis

Contract performance for service delivery; legitimate interest for security telemetry; consent for optional analytics.

Data residency

EU customers' data is stored exclusively in Frankfurt (eu-central-1). No cross-border transfer without SCCs and adequacy.

Sub-processors

A full, up-to-date list with locations and DPAs is available on the Sub-processors page.

Your rights

  • Right to access, rectification, erasure
  • Right to data portability (JSON export, on-demand)
  • Right to restrict or object to processing
  • Right to lodge a complaint with your supervisory authority

DPA

We sign a DPA with every customer on request. A pre-signed copy is available at /dpa.

Data Protection Officer

Priya Ravindran — dpo@kagliostro.cloud

Breach notification

Customers are notified within 24 hours of a confirmed breach affecting their data, well under the 72-hour GDPR requirement.