My team has already been in discussion with someone at Render about this, but it raised some questions that I think could be useful for all EU customers of Render.
Our general question is: how do you ensure your EU customers remain GDPR compliant while using Render services?
One thing we have been told so far is:
Your databases are encrypted before being transferred to the US, and encryption keys are also on our US servers.
Can you confirm why our database is transferred to the US when it is created in the Frankfurt region? If this is to aid with customer support or something, can we opt out of such a transfer/replica being held in the US?
Could it be useful to have some documentation somewhere to confirm that EU customers can remain GDPR compliant while using Render? And to note any extra steps they might need to take - eg request a data processing agreement from Render? Currently a search of ‘GDPR render.com’ doesn’t yield any useful results.