Resend is GDPR compliant.
We have made it a priority to protect your data.
The General Data Protection Regulation (GDPR) is a data privacy law implemented by the European Union. It went into effect on May 25, 2018, and is considered one of the world's leading data privacy legislations.
The goal of GDPR is to honor the privacy of persons residing in the EU, by protecting their:
A majority of the businesses using Resend either reside in the EU or have customers there. We are honoring our responsibility to comply with the rights of the recipients living in the EU.
GDPR compliance is not only an obligation for Resend, but also for many of the businesses using Resend. Resend's compliance allows even more businesses to build their operations on top of Resend's infrastructure without compromises to privacy or compliance.
Unlike SOC 2 or ISO 27001, GDPR is not a best practice standard but rather a law. Because of this, most companies self-audit to align their operations and technology with the GDPR controls. Resend followed this approach.
Resend also uses Vanta to monitor all GDPR controls and organize evidence for compliance.
Resend stores customer data in the United States (US).
Our DPA includes a Standard Contractual Clause to handle proper data export from the EU to the US.
Resend follows security best practices to protect PII. See our DPA for a full list of Technical and Organizational Measures.
Resend spent over 12 months making the necessary changes to comply with GDPR to properly honor our obligations as a processor according to Article 28 of GDPR.
We have published a Data Processing Addendum (DPA) that outlines the obligations of Resend as a processor. These changes also include updates to our Terms and Privacy Policy to adequately incorporate all of these documents together.
If you have a questionnaire that needs filling, please contact us.
Please note that requesting changes to our DPA or other legal documents requires an Enterprise Plan.