GDPR and DORA compliance
Flokk is built for European data sovereignty. All data stays in the EU, and the platform is designed to meet the requirements of regulated industries.
Data residency
All data — databases, backups, account information — is stored in Frankfurt, Germany (UpCloud de-fra1). No data leaves the European Union. There are no transatlantic transfers.
GDPR
Flokk acts as a data processor when you store personal data in your databases. Our obligations are documented in the Data Processing Agreement.
- DPA: self-serve download from the legal page
- Sub-processors: listed at /legal/sub-processors with 30-day change notice
- Data subject rights: export via pg_dump, deletion via the dashboard
- Breach notification: within 24 hours of confirmation
- Data deletion: databases + backups removed within 30 days of account deletion
DORA
For financial entities subject to the Digital Operational Resilience Act, Flokk's terms of service include DORA-aligned clauses:
- Incident reporting: affected customers notified within 24 hours
- Exit strategy: standard PostgreSQL, pg_dump export, no vendor lock-in
- Audit rights: security documentation available; on-site audits for Dedicated tier
- Sub-processor changes: 30-day advance notice with right to object
- Business continuity: automatic failover, tested DR procedures
Encryption
| Layer | Method |
|---|---|
| In transit | TLS 1.3 (hostssl + SCRAM-SHA-256) |
| At rest | AES-256 (UpCloud block storage encryption) |
| DNS verification | DANE/TLSA records with DNSSEC via deSEC |
Tenant isolation
On shared clusters, each tenant gets a separate PostgreSQL database and role with per-role resource limits (statement_timeout, work_mem, temp_file_limit, CONNECTION LIMIT). PgBouncer enforces per-user connection limits. A background guardian process terminates queries exceeding 30 seconds.
Tenants cannot connect to other tenants' databases — cross-database CONNECT privileges are revoked. However, PostgreSQL's system catalogs (pg_database, pg_roles) are visible to all authenticated users. This means tenants on a shared cluster can see the names of other databases and roles via \l or \du, but cannot access their data, connect to their databases, or act as their roles. This is a PostgreSQL limitation shared by all multi-tenant managed PostgreSQL services. If this is unacceptable for your use case, use the Dedicated tier where your database runs on isolated hardware with no other tenants.
On dedicated clusters, tenants have their own compute nodes with Kubernetes taints ensuring no other tenant's workload runs on the same hardware.
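The shared-cluster isolation described above, sketched as plain PostgreSQL statements followed by checks a tenant can run to confirm it. This is an added example, not Flokk's provisioning code; the names tenant_a and tenant_a_db and all limit values are assumptions.

```sql
-- Constructed example: role/database names and limit values are assumptions.

-- Provisioning, run as a superuser ------------------------------------------

-- One login role per tenant with a hard cap on concurrent sessions.
-- (Password is set separately; SCRAM-SHA-256 needs password_encryption set.)
CREATE ROLE tenant_a LOGIN CONNECTION LIMIT 20;

-- Per-role defaults applied at session start.
-- statement_timeout and work_mem are user-settable, so a session can raise
-- them with SET; only temp_file_limit is restricted to privileged roles.
-- A server-side watchdog is what turns a timeout into a hard limit.
ALTER ROLE tenant_a SET statement_timeout = '30s';
ALTER ROLE tenant_a SET work_mem = '16MB';
ALTER ROLE tenant_a SET temp_file_limit = '1GB';

CREATE DATABASE tenant_a_db OWNER tenant_a;

-- Every new database grants CONNECT to PUBLIC by default. Revoking it leaves
-- only the owner and superusers able to connect.
REVOKE CONNECT ON DATABASE tenant_a_db FROM PUBLIC;

-- postgres and template1 carry the same default grant and need the same
-- treatment, otherwise they remain a shared space all tenants can enter.
REVOKE CONNECT ON DATABASE postgres  FROM PUBLIC;
REVOKE CONNECT ON DATABASE template1 FROM PUBLIC;

-- Verification, run as the tenant --------------------------------------------

-- Other tenants' database names are visible in the catalog, but can_connect
-- should be true for exactly one row: the tenant's own database.
SELECT datname,
       has_database_privilege(current_user, datname, 'CONNECT') AS can_connect
FROM pg_database
WHERE datallowconn
ORDER BY datname;

-- The role's own connection cap and stored per-role settings.
SELECT rolname, rolconnlimit, rolconfig
FROM pg_roles
WHERE rolname = current_user;
```

Any extra row with can_connect = true in the first query points to a database whose default PUBLIC grant was never revoked.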
Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| UpCloud Ltd | Infrastructure | Helsinki, Finland |
| Mollie B.V. | Payment processing | Amsterdam, Netherlands |
| deSEC e.V. | DNS | Berlin, Germany |
All EU-headquartered. Full list at /legal/sub-processors.