As of 25 May 2018, the European General Data Protection Regulation (GDPR) will come into force. We wrote this post serves to outline what Transloadit - and our customers - can do to make sure the new rules are being followed.
Transloadit collects and shares information about its customers. Since Transloadit is a B2B service, this concerns data on businesses. We also receive a limited amount of data on our customers' customers. These are the individuals or 'data subjects' that the GDPR specifically aims to protect, and they come in contact with Transloadit when we handle their uploads or when they request the status of encoding progress of their files.
As far as these cases are concerned, Transloadit receives the following data on end-users:
- Browser Identifiers: IP address, browser agent (if the browser discloses, but almost all do), Referer (if the browser discloses, depends on settings and e.g. HTTPS)
- Media Files (uploads)
Since May 15th 2018 we discard Browser Identifiers and never save them to disk or any other persistant storage. Since the beginning (2009), Media Files are saved to temporary storage in an anonimized way, and discarded after 24h
Since Transloadit does not store data on data subjects, migration or deletion tools not applicable.
If it is important to you that the Media Files of your end-users (during the 24h window temporarily) resides in a particular region, Transloadit currently operates in two regions:
us-east-1 (Virginia, USA) and
eu-west-1 (Ireland). By default, Transloadit will serve your users from the region closest to them, but you can also opt to exclusively address one region, by using an endpoint like