Through reading the Standard Terms and the Data Processing Addendum, I can see that the documents pretty much state that they can send data outside the EU.
As much as I like the product, this is just not jiving well with our compliance folks. Which I understand.
Any other European companies who have struggled with the same issue? How have you interpreted/solved this?
My host is Scaleway, with datacentres in Paris, Warsaw and Amsterdam :). There are many options for self hosting in the EU.
I believe the Discourse team has a European option, if you don’t wish manage hosting yourself? So has Communiteq?
Hey Nina,
As Robert mentioned we do have an option for hosting in the EU, specifically Dublin, Ireland. You’re also correct that we can’t guarantee the data will never leave the EU. Our company is global, as are most of our subprocessors like our CDN provider, our image storage provider, etc. We do have numerous EU companies, large and small, that use our hosting. That said, I’m not their lawyer or compliance team, so I can’t speak to their decisions. Feel free to shoot us an email if you (or your compliance team) would like to chat about our hosting in more detail!
And this is all assuming you want managed hosting. Our Standard Terms and DPA are irrelevant if you decide to self-host.
Excellent - Communiteq may just be what we need. Thanks!
强制性声明:“我不是律师,以上内容也不是法律建议。” 
是的,我们花了几个月才解决(但值得)。
Discourse 的团队对我们非常耐心,并做了一些改进。例如,子处理器列表现在更加详细,告知我们服务的使用位置。我们不喜欢的任何子处理器,我们都可以轻松地在我们的实例中禁用。
最终,我们的实例托管在欧盟,并且我们目前只使用欧洲的 CDN。不幸的是,中国的用户无法检索此内容,因此我们可能需要向全球 CDN 开放。其他非欧盟国家的用户可以毫无问题地访问欧洲 CDN。
就 GDPR 而言,我们的政策大致是“任何传输到欧盟成员国或属于欧洲经济区协议的国家以外的国家,都需要客户事先书面同意,并且只能在满足 GDPR 第 44 条的特殊要求的情况下进行。”
我们有几条类似的条款,我理解的意思是“如果你不将数据存储在欧盟,但它符合欧盟标准,那么就可以了。”