Before you choose a platform, plan your campaign first

Get the checklist

International Data Transfers & Data Residency at Pirsonal

Pirsonal supports GDPR-compliant data processing for organizations operating in the European Union, including scenarios where data is processed in the United States. Customers can choose where their data is hosted (EU or US). When personal data is transferred outside the European Economic Area (EEA), Pirsonal applies the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary technical and organizational safeguards, to ensure an equivalent level of data protection.

Table Of Contents
  1. International Data Transfers & Data Residency at Pirsonal

Choose where your data is processed

Pirsonal is designed to give customers control over data residency—allowing organizations to align infrastructure choices with their legal, regulatory, and internal compliance requirements.

You can configure your setup based on your needs:

  • EU-based infrastructure for GDPR-focused deployments
  • US-based infrastructure for flexibility and performance
  • Custom hosting options (e.g., AWS S3, Azure Blob Storage)
  • Dedicated environments available upon request

The location of data processing depends on the infrastructure selected by your organization.

Standard and Custom Environments

Pirsonal offers both Standard and Custom Deployment Environments to support different operational and compliance requirements.

Standard environments are designed to meet the needs of most organizations, with predefined infrastructure, security controls, and service levels aligned with our core platform and documentation.

For organizations with specific legal, technical, or regulatory requirements, Pirsonal can provide custom environments tailored to agreed specifications. These may include dedicated infrastructure, defined data residency, and customized service levels, subject to contractual agreements and service level terms.

When data is transferred outside the EU

Personal data may be transferred outside the European Economic Area (EEA) in the following scenarios:

  • When your organization selects US-based infrastructure
  • When certain subprocessors operate from the United States
  • When content is delivered globally through a content delivery network (CDN)

Pirsonal is transparent about these scenarios so your team can assess and configure your setup accordingly.

For transfers of personal data from the EU to the United States, Pirsonal relies on the European Commission’s Standard Contractual Clauses (SCCs), as adopted in Decision (EU) 2021/914.

Where applicable, Module 2 (Controller to Processor) is used.

These clauses are incorporated into Pirsonal’s Data Processing Addendum (DPA) and apply to relevant subprocessors and infrastructure providers involved in data processing.

Ensuring an equivalent level of protection

Pirsonal has assessed the legal and technical risks associated with international data transfers, including potential access by public authorities in third countries.

To mitigate these risks, Pirsonal applies a combination of technical and organizational safeguards:

Technical measures

  • Encryption in transit using secure protocols (TLS)
  • Where possible Encryption at rest for stored data
  • Access controls and authentication mechanisms

Organizational measures

Data minimization and retention

  • Only data required for processing is used
  • Media assets are automatically deleted after rendering
  • Logs for successful videos are automatically deleted (Standard Environments)
  • Custom logs deletion policies (Custom Deployment Environments)
  • Flexible storage and retention configurations

These measures are designed to support an equivalent level of data protection in line with GDPR requirements. For a detailed assessment of transfer risks and safeguards, please refer to our Transfer Impact Assessment (TIA).

How data flows through Pirsonal

Pirsonal processes data through a structured pipeline that includes:

  1. Data input (CSV files, APIs, CRM integrations)
  2. Processing (video rendering using dynamic templates)
  3. Storage (temporary or configured hosting environments)
  4. Delivery (video player, landing pages, CDN)
  5. Analytics (engagement tracking and reporting)

The location of each processing stage depends on the infrastructure selected by your organization (e.g., EU, US, or hybrid configurations), whether managed by Pirsonal or configured by the client in accordance with agreed technical and contractual requirements

The table below provides a general overview of how personal data may flow through the service.

Processing stageProcessing stagePurposePossible locationTransfer relevance
Transfer relevanceNames, email addresses, identifiers, customer-provided text, images, audio, video, structured data from CSV, API, or CRMIngest customer data required to generate personalized video experiencesEU, US, hybrid, or custom environmentMay involve a transfer if data is submitted to infrastructure located outside the EEA
Rendering and processingInput data, template logic, media assets, personalization variables, output generation dataGenerate personalized video content based on customer-defined rules and assetsEU, US, hybrid, or custom environmentMay involve a transfer if rendering takes place outside the EEA
Storage and hostingRendered video files, media assets, associated metadata, delivery filesStore content for delivery, playback, or customer-configured retention needsEU, US, hybrid, or custom environmentMay involve a transfer depending on the selected hosting configuration
DeliveryVideo URLs, player sessions, landing page delivery data, CDN-related request dataDeliver personalized content to end users across channels and devicesEU, US, or globally distributed infrastructure depending on delivery setupMay involve international access or routing depending on delivery architecture
Analytics and reportingEngagement events, play data, interaction metrics, CTA events, operational metadataMeasure performance, support reporting, and enable customer insightsEU, US, hybrid, or custom environmentMay involve a transfer if analytics or related infrastructure is located outside the EEA

Important clarification: The exact data flow depends on the services used, the infrastructure selected by the customer, and any custom configuration agreed between the parties. Organizations with stricter data residency requirements may choose EU-based environments to reduce or avoid international data transfers. For more information about applicable safeguards for international transfers, please refer to our Transfer Impact Assessment (TIA) and related transfer documentation.PLATFORM ARCHITECTURE (NEW SECTION)Add this right before or after the data flow explanation.

How Pirsonal’s platform is structured

Pirsonal’s platform is composed of multiple components that work together to process, generate, and deliver personalized video experiences:

  • Pirsonal Engine: processes data and renders personalized videos
  • Pirsonal Pages: generates personalized landing pages
  • Pirsonal Player: delivers video playback and interactive experiences
  • User Dashboard: provides campaign analytics and manages campaigns, data, and workflows
  • Pirsonal Editor: allows creation and configuration of video templates
  • API: allows creation, deletion, managing of Pirsonal Engine, Pirsonal Pages and Pirsonal Player.

These components rely on associated databases and infrastructure to operate.

Infrastructure location

By default, when a customer selects a deployment region (e.g., EU or US):

All core platform components and their associated databases are deployed and operate within the same selected geographic region.

This includes:

  • Application services
  • Processing systems
  • Databases
  • Internal platform logic

Video hosting flexibility

Rendered video outputs can be hosted separately from the core platform infrastructure.

Depending on the configuration and customer requirements, videos may be hosted:

  • In the same region as the platform (EU or US)
  • In a different region (e.g., EU-based storage for EU audiences)
  • Through globally distributed infrastructure (e.g., CDN)

This allows customers to balance performance, cost, and data residency requirements.

Typical configuration for EU organizations using US infrastructure

Many organizations based in European countries choose to use US-based infrastructure for processing and rendering, while maintaining control over where final content is hosted.

A common setup includes:

  • Platform and databases (Pirsonal Engine, Pirsonal Pages, Pirsonal Player, Dashboard, Pirsonal Editor) → Hosted in the United States
  • Video rendering and processing → Performed in the United States
  • Final video hosting and delivery → Hosted in a customer-selected region (e.g., EU locations such as Ireland or Germany, or global CDN delivery)

Why this configuration is used

This approach allows organizations to:

  • Optimize implementation and operational costs
  • Maintain flexibility in infrastructure and deployment
  • Control where end-user content is stored and delivered
  • Align with internal or contractual data residency requirements

Important note

The exact configuration depends on:

  • Customer requirements
  • Contractual agreements
  • Selected plan and infrastructure setup

Organizations with stricter data residency requirements may choose fully EU-based deployments.

Subprocessors and infrastructure providers

Pirsonal works with carefully selected subprocessors to deliver its services, including cloud infrastructure and content delivery providers.

These may include:

  • Microsoft Azure
  • Amazon Web Services (AWS), where applicable
  • BunnyCDN
  • Hosting providers and Data Centers supporting Pirsonal infrastructure

All subprocessors are subject to contractual, technical, and organizational safeguards aligned with GDPR requirements.

For full details, see our Subprocessors documentation.

Avoiding international data transfers

Organizations that prefer to avoid international data transfers can configure Pirsonal to operate entirely within EU-based infrastructure.

This allows your team to:

  • Keep data processing within the European Economic Area
  • Align with strict regulatory or internal compliance requirements
  • Reduce cross-border data transfer considerations

Custom configurations are available to support compliance-driven deployments. By default, this configuration includes:

  • Microsoft Azure for media distribution
  • Hosting providers and Data Centers supporting Pirsonal infrastructure in the Europe

Supporting documentation

For more detailed information, please refer to:

Need a tailored setup?

If your organization has specific data protection, infrastructure, or compliance requirements, our team can help you design a setup aligned with your policies and regulatory needs. Contact us today.

Visit our Legal Center for additional documentation or security details

Legal Center

Related Legal Documents

Legal Notice

Review the terms governing access to Pirsonal’s website and services, including user responsibilities, acceptable use, liability limitations, and applicable jurisdiction.

Read More

Service Level Agreement (SLA)

Explore Pirsonal’s service commitments, including uptime guarantees, support response times, maintenance, and performance expectations.

Read More

Master Service Agreement (MSA)

Read Pirsonal’s Master Service Agreement (MSA) to understand how our personalized video platform, services, data protection, and legal terms are structured.

Read More

Professional Services Agreement

Access Pirsonal’s terms for consulting, implementation, fees, confidentiality, and data protection for personalized video execution services.

Read More

Data Processing Addendum (DPA)

Understand how Pirsonal processes personal data on behalf of customers, including GDPR obligations, roles, and safeguards for secure data handling.

Read More

International Data Transfers & Data Residency

Review how Pirsonal handles cross-border data transfers, including SCCs, data residency configurations, and GDPR-aligned safeguards.

Read More

Transfer Impact Assessment (TIA)

Understand how Pirsonal evaluates EU to US data transfers under GDPR, including safeguards and legal considerations.

Read More

Privacy Policy

Learn how Pirsonal collects, uses, and protects personal data in compliance with GDPR, including your rights, data usage, and security practices.

Read More

Standard Contractual Clauses (SCCs)

Access Pirsonal’s Standard Contractual Clauses (EU 2021/914) for secure international data transfers. Includes Module 2, annexes, and supplementary safeguards aligned with GDPR and Schrems II.

Read More

Publicity Opt-Out Request

Request to remove your company name, logo, or brand from Pirsonal’s website or client list. Submit your publicity opt-out request quickly and securely.

Read More

ISO 27001 Certification

Review Pirsonal’s ISO 27001 certification and our commitment to internationally recognized information security standards.

Read More

Information Security System Policy

Gain insight into Pirsonal’s Information Security Management System (ISMS), including risk management, internal controls, and security practices.

Read More

Security Overview

Learn how Pirsonal protects data through ISO 27001–aligned security practices, including access control, encryption, infrastructure, and secure delivery of personalized content.

Read More

GDPR Subprocessor Information

Explore our list of approved subprocessors and how third-party providers support our services while maintaining strict data protection standards.

Read More

Data Flow

Learn how Pirsonal’s software and services process data through a structured pipeline.

Read More

Responsible AI Use

Learn how Pirsonal supports AI-assisted personalized video workflows with customer control, human review, data protection, provider assessment, and EU AI Act awareness.

Read More