ExaVault is GDPR Compliant

GDPR is a shared responsibility that we take seriously. ExaVault serves hundreds of EU and UK customers and is committed to compliance.

Data Processing Addendum

As a data processor for companies in the EU and UK, we offer a Data Processing Addendum (DPA) which incorporates the Standard Contractual Clauses. The DPA is offered to all customers, regardless of size, but you must specifically ask us for it. The Addendum guarantees our expert knowledge, reliability, resources and security with regards to processing your data.

Standard Contractual Clauses

Our Data Processing Addendum includes the Standard Contractual Clauses, which are a key legal mechanism required by GDPR to ensure that personal data from the EU is protected during transfer.


ExaVault is committed to maintaining Privacy Shield principles for our customers in the United Kingdom. We are up-to-date on data security requirements for both the UK and the EU, and we are able to support you in a post-Brexit world.

New: Choose Your File Storage Region

ExaVault now offers the ability to choose where your data is stored. Available storage locations include: EU, UK, USA, Australia, Canada, Japan, and Singapore.

Need Custom Terms?

Our standard Terms of Service and available Data Processing Addendum cover all the standard legal requirements for both the EU and the UK. Customers that determine that they are data controllers under the GDPR will need to sign our Data Processing Addendum. To obtain a copy of our Addendum, please contact our Support team. If your business needs a custom DPA, though, we are able to engage with your request as part of our Enterprise Services.

Our Commitment to GDPR

The European Union has strengthened the control that individuals have over their own data and their right to privacy by passing the GDPR (General Data Protection Regulation) into law.

We know that GDPR is critically important to the future of online file transfer. Our job is to help you remain GDPR compliant when sending and sharing files and documents.

GDPR Principles
  • All personal data must be kept secure.
  • EU citizens have the right to access their personal data.
  • Any personal data collected is needed only to fulfill a specific purpose.
  • Use of personal data collected will be done in a legal, fair and reasonable way.
  • Personal data will be accurate to the degree we can confirm accuracy and will not be held longer than necessary to maintain your account or file sharing services.

The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information and content available on this site are for general informational purposes only. Readers of this website are responsible for making their own independent assessment and should contact their attorney to obtain advice with respect to any particular legal matter, including compliance with any applicable state or local laws or regulations.

© 2022 ExaVault LLC. All Rights Reserved. ExaVault is a registered trademark of ExaVault LLC.