Resgrid GDPR Compliance
Last updated: March 22, 2026
Resgrid is committed to protecting the privacy and personal data of all users on our EU Instance in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page describes how Resgrid implements GDPR compliance, the rights available to EU users, and the technical and organizational measures we have in place to safeguard your data.
We take our obligations as a data controller seriously and have designed the EU Instance of Resgrid with privacy and data protection at the forefront.
Scope — EU Instance Only
This GDPR compliance statement applies exclusively to the EU Instance of Resgrid. The EU Instance is a dedicated deployment of the Resgrid platform operated specifically for customers and users in the European Union and European Economic Area (EEA).
The North American Instance of Resgrid is governed separately and is not subject to the GDPR commitments described on this page. If you are unsure which instance you are using, please contact us at team@resgrid.com.
All data processed through the EU Instance remains within the European Union at all times. We do not transfer personal data from the EU Instance to servers outside the EU.
Lawful Basis for Processing
Resgrid processes personal data on the EU Instance under the following lawful bases as defined in Article 6 of the GDPR:
Contract Performance: Processing is necessary to provide the Resgrid service you have subscribed to, including account management, dispatch operations, personnel management, and related platform features.
Legitimate Interests: We process certain data to improve the security, stability, and performance of the platform, to detect and prevent fraud, and to provide customer support.
Legal Obligation: In some cases, we are required to process personal data to comply with applicable EU law.
Consent: Where we rely on consent (for example, for certain communications or analytics), you have the right to withdraw that consent at any time.
Your Data Rights
Under the GDPR, users on the EU Instance of Resgrid have the following rights with respect to their personal data:
Right of Access (Article 15): You have the right to obtain a copy of the personal data we hold about you, along with information about how it is processed.
Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure / Right to be Forgotten (Article 17): You have the right to request deletion or anonymization of your personal data, subject to certain legal exceptions.
Right to Restriction of Processing (Article 18): You have the right to request that we restrict processing of your personal data in certain circumstances.
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Article 21): You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local EU data protection supervisory authority if you believe your rights have been violated.
Accessing Your Data
EU Instance users can request a copy of their personal data directly from within the Resgrid platform:
1. Log in to your Resgrid account on the EU Instance.
2. Navigate to your Profile page.
3. Use the Request My Data option to submit a data access request.
Upon submission, we will compile and provide you with a copy of your personal data in a structured format. We will fulfill your request within 30 days in accordance with Article 12 of the GDPR. If the request is complex or numerous, we may extend this period by a further two months, and will notify you accordingly.
Data Deletion & Anonymization
EU Instance users can request deletion or anonymization of their personal data directly from within the Resgrid platform:
1. Log in to your Resgrid account on the EU Instance.
2. Navigate to your Profile page.
3. Use the Delete / Anonymize My Data option to submit your request.
When you request deletion, we will permanently remove your personal data from the platform. Where complete deletion is not possible due to legal or technical constraints (for example, audit logs required by law), we will anonymize your data so that it can no longer be attributed to you as an identifiable individual.
Please note that deleting your data may result in termination of access to the Resgrid platform if your account data is required to provide the service. We will notify you of any such consequences before processing your request.
Data Residency
All personal data processed through the EU Instance of Resgrid is stored and processed exclusively within the European Union. We do not transfer EU Instance data to servers, systems, or third parties located outside the EU or EEA.
This commitment to EU data residency ensures that your data remains subject to EU data protection law at all times and is never subject to the jurisdiction of non-EU countries.
Our EU Instance is hosted by OVH Cloud, a European cloud provider with data centers located within the European Union. See the Hosting Provider section below for more details.
Sub-Processors
Resgrid uses the following sub-processors in the EU Instance. All sub-processors listed here operate within the European Union for EU Instance data and are bound by appropriate data processing agreements in compliance with GDPR Article 28.
Sentry (Error Monitoring)
Sentry is used for application error monitoring and performance tracking on the EU Instance. Sentry processes error and diagnostic data to help us identify and fix bugs and performance issues. For the EU Instance, Sentry is configured to store and process data within the EU. Sentry is certified under appropriate data transfer mechanisms and operates a GDPR-compliant data processing agreement.
Countly (Analytics)
Countly is used for product analytics on the EU Instance to help us understand how users interact with the Resgrid platform. For the EU Instance, Countly is deployed and operated within the EU, ensuring that all analytics data remains in the EU. Countly does not share EU Instance analytics data with third parties outside the EU.
Paddle (Merchant of Record & Payment Processing)
Paddle serves as the Merchant of Record for subscriptions and billing on the EU Instance. Paddle handles payment processing, invoicing, tax compliance, and subscription management. As Merchant of Record, Paddle assumes legal responsibility for the transaction and is itself a data controller for payment data. Paddle operates in compliance with GDPR and maintains appropriate data processing agreements. For details on Paddle's data practices, please refer to Paddle's Privacy Policy.
For a complete list of all Resgrid sub-processors, please visit our Sub-Processors page.
Hosting Provider
The EU Instance of Resgrid is hosted exclusively on OVH Cloud (OVHcloud SAS), a leading European cloud infrastructure provider headquartered in France. OVH Cloud operates data centers located within the European Union, ensuring that all EU Instance data is stored and processed within EU jurisdiction.
OVH Cloud provides infrastructure-as-a-service (IaaS) including compute, storage, and networking resources. OVH Cloud is bound by a data processing agreement with Resgrid in accordance with GDPR Article 28, and operates in compliance with EU data protection requirements.
By using an EU-based cloud provider, Resgrid ensures that EU Instance data is never physically stored outside the European Union and is not subject to foreign government access laws that fall outside GDPR scope.
Security Measures
Resgrid implements appropriate technical and organizational measures to protect personal data processed on the EU Instance in accordance with GDPR Article 32, including:
Encryption: All data in transit is encrypted using TLS. Data at rest is encrypted using industry-standard encryption.
Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Role-based access controls are enforced throughout the platform.
Monitoring and Logging: We monitor the EU Instance for security incidents and maintain audit logs to detect and respond to unauthorized access.
Data Breach Response: In the event of a personal data breach, Resgrid will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and will notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
For more information about our security practices, please visit our Security page.
Data Retention
Resgrid retains personal data on the EU Instance only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.
Account and profile data is retained for the duration of your active subscription. Upon account cancellation or expiration, personal data is retained for a limited period to allow for account reactivation or to comply with legal obligations, after which it is deleted or anonymized.
You may request earlier deletion of your data at any time via the Profile page, subject to any legal retention requirements.
Contact Us
If you have questions about our GDPR compliance, wish to exercise your data rights, or have a complaint about how we handle your personal data on the EU Instance, please contact us:
Email: team@resgrid.com
Postal Address: Resgrid, LLC, 3079 Harrison Ave Suite 110, South Lake Tahoe, CA 96150, USA
We will respond to all data rights requests and privacy inquiries within 30 days of receipt.
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. A list of EU supervisory authorities is available on the European Data Protection Board website.