In July 2020, The Court of Justice of the European Union (ECJ) published the Schrems II ruling, declaring the EU-US Privacy Shield decision invalid because US law doesn't provide adequate protection, and the only way to continue to export data to the US is to rely on supplementary measures. However, the ECJ has given no guidance on what these supplementary measures should be.

SwipedOn is currently doing everything that has been requested. If the ECJ decides what the supplementary measures should be, we will adopt these as well. All our subprocessor agreements include standard contractual clauses, so we are confident that SwipedOn still has adequate GDPR controls and processes in place. All SwipedOn data is currently hosted by AWS in the USA. We expect to offer alternative data storage locations in the near future.

We have a Data Processing Addendum especially for companies within the EU to opt into. This is pre-signed and can be downloaded here and returned to

If you should have any further questions around the Schrems II ruling and data security please contact us at

Related support articles:

*Our support team is available 24x5 via the live chat bubble or for any questions or support you may require.

Did this answer your question?