GDPR
Compliant by architecture — no personal data collected.
Security & compliance
Compliant by architecture.
EU-hosted in Dublin. Zero personal data collection. Zero sub-processors outside the EU. Your compliance team signs off in one meeting — not three.
Compliance posture
All the paperwork. None of the excuses.
How is SealMetrics GDPR-compliant by architecture?
Every framework your compliance team looks for — architectural, contractual and pre-documented for procurement review.
ePrivacy
No cookies, no localStorage — directive doesn't apply.
Schrems II
Zero transfers outside EU. No SCCs needed.
EU-hosted · Dublin
Single region. No failover to third countries.
DPA included
Standard DPA with every plan. Custom DPA on Enterprise.
TPSR package
Vendor security questionnaire pre-built for procurement review.
Data flow
From visitor to dashboard. All inside Ireland.
Where does SealMetrics process and store data?
Every byte of data stays within the EU. No third-country transfers, no sub-processors, no hidden dependencies.
01 · Collect
First-party pixel
Your domain. No cookies. No localStorage. No identifiers. Zero personal data on the device.
02 · Transit
Encrypted TLS 1.3
Direct-to-server with PFS. No third-party CDN for analytics traffic.
03 · Process
EU-only servers
Dublin region. Isolated VPC. Anonymous event counting with no personal identifiers ever stored.
04 · Store
Encrypted at rest
AES-256. Dublin region. 24-month retention. No third-country replication.
FAQ
The compliance questions, answered.
What DPOs, CISOs and procurement teams ask. If your team has something else, we'll answer it in the walkthrough.
Still have questions? Our team — including the founder — is one message away.
Talk to us →Get the full compliance pack.
30 minutes with our compliance lead. Architecture, DPA, Schrems II stance, TPSR — walked through with your legal team.
Built by a founder · supported by a founder · EU-hosted by design