GDPR

Resend is GDPR compliant.
We have made it a priority to protect your data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy law implemented by the European Union. It went into effect on May 25, 2018, and is considered one of the world's leading data privacy legislations.

The goal of GDPR is to honor the privacy of persons residing in the EU, by protecting their:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to avoid automated decision-making

Why is GDPR necessary?

A majority of the businesses using Resend either reside in the EU or have customers there. We are honoring our responsibility to comply with the rights of the recipients living in the EU.

GDPR compliance is not only an obligation for Resend, but also for many of the businesses using Resend. Resend's compliance allows even more businesses to build their operations on top of Resend's infrastructure without compromises to privacy or compliance.

Who audited Resend?

Unlike SOC 2 or ISO 27001, GDPR is not a best practice standard but rather a law. Because of this, most companies self-audit to align their operations and technology with the GDPR controls. Resend followed this approach.

Resend also uses Vanta to monitor all GDPR controls and organize evidence for compliance.

Where is Resend data stored?

Resend stores customer data in the United States (US).

Our DPA includes a Standard Contractual Clause to handle proper data export from the EU to the US.

What measures are taken to protect PII?

Resend follows security best practices to protect PII. See our DPA for a full list of Technical and Organizational Measures.

How does Resend meet the obligations of a processor?

Resend spent over 12 months making the necessary changes to comply with GDPR to properly honor our obligations as a processor according to Article 28 of GDPR.

We have published a Data Processing Addendum (DPA) that outlines the obligations of Resend as a processor. These changes also include updates to our Terms and Privacy Policy to adequately incorporate all of these documents together.

How can I access GDPR resources?

Can you answer a questionnaire?

If you have a questionnaire that needs filling, please contact us.

Please note that requesting changes to our DPA or other legal documents requires an Enterprise Plan.