# GDPR Compliance

### Where does Mailtrap store data?

Mailtrap data is hosted in the US, on AWS (us-east-1) and on Google servers.

We plan to offer EU-based data storage in 2026.

### Is Mailtrap GDPR compliant?

Yes, Mailtrap is GDPR compliant. The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. Mailtrap takes GDPR compliance very seriously, and we have implemented appropriate technical and security processes to ensure Mailtrap's full compliance with GDPR.

### What exactly does Mailtrap do to achieve GDPR compliance?

We take GDPR compliance very seriously and have implemented multiple measures to ensure the protection of personal data.

Our team continuously monitors and updates our practices to align with the latest regulatory standards and industry best practices.

Our GDPR compliance measures have been audited as part of our ISO 27001 certification, which we have successfully achieved. You can [find the certificate here](/account-and-organization/privacy-and-security/iso-certification.md).

Currently, US–EU data sharing is regulated by the [EU–US Data Privacy Framework](https://www.dataprivacyframework.gov/Program-Overview). This framework, agreed upon in 2022 and declared adequate by the European Commission in 2023, governs data transfers between the EU and the US. “Railsware Products Studio LLC”, “Amazon”, and “Google” are all listed in the [Data Privacy Framework registry](https://www.dataprivacyframework.gov/list).

You can review the measures we take to ensure GDPR compliance regarding:

* Users’ data in our [Privacy Policy](https://mailtrap.io/privacy/).
* Data processed as part of our service in our [Data Protection Agreement](https://mailtrap.io/dpa/).

