Chartio processes all data in the United States. In order to allow transfers of personal data to the United States from the EU, Switzerland, and United Kingdom, Chartio has self-certified with Privacy Shield. The Privacy Shield framework is a mechanism to comply with EU and Swiss data protection requirements while allowing these transfers to the United States.
Chartio also maintains a GDPR-compliant data-protection addendum (DPA) to our standard contract for customers who use Chartio to process personal data of EU citizens. This DPA is based on the EU model clauses and provides contractual guarantees of many of the GPDR requirements, such as breach notification and retention policies.
If you would like more information, please reach out to firstname.lastname@example.org.