International Data Transfers & Data Residency at Pirsonal

Pirsonal supports GDPR-compliant data processing for organizations operating in the European Union, including scenarios where data is processed in the United States. Customers can choose where their data is hosted (EU or US). When personal data is transferred outside the European Economic Area (EEA), Pirsonal applies the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary technical and organizational safeguards, to ensure an equivalent level of data protection.

Table Of Contents
  1. International Data Transfers & Data Residency at Pirsonal
  2. Choose where your data is processed
  3. Standard and Custom Environments
  4. When data is transferred outside the EU
  5. Legal safeguards for EU to US transfers
  6. Ensuring an equivalent level of protection
  7. How data flows through Pirsonal
  8. How Pirsonal’s platform is structured
  9. Typical configuration for EU organizations using US infrastructure
  10. Subprocessors and infrastructure providers
  11. Avoiding international data transfers
  12. Supporting documentation
  13. Need a tailored setup?
  14. Related Legal Documents

Choose where your data is processed

Pirsonal is designed to give customers control over data residency—allowing organizations to align infrastructure choices with their legal, regulatory, and internal compliance requirements.

You can configure your setup based on your needs:

  • EU-based infrastructure for GDPR-focused deployments
  • US-based infrastructure for flexibility and performance
  • Custom hosting options (e.g., AWS S3, Azure Blob Storage)
  • Dedicated environments available upon request

The location of data processing depends on the infrastructure selected by your organization.

Standard and Custom Environments

Pirsonal offers both Standard and Custom Deployment Environments to support different operational and compliance requirements.

Standard environments are designed to meet the needs of most organizations, with predefined infrastructure, security controls, and service levels aligned with our core platform and documentation.

For organizations with specific legal, technical, or regulatory requirements, Pirsonal can provide custom environments tailored to agreed specifications. These may include dedicated infrastructure, defined data residency, and customized service levels, subject to contractual agreements and service level terms.

When data is transferred outside the EU

Personal data may be transferred outside the European Economic Area (EEA) in the following scenarios:

  • When your organization selects US-based infrastructure
  • When certain subprocessors operate from the United States
  • When content is delivered globally through a content delivery network (CDN)

Pirsonal is transparent about these scenarios so your team can assess and configure your setup accordingly.

For transfers of personal data from the EU to the United States, Pirsonal relies on the European Commission’s Standard Contractual Clauses (SCCs), as adopted in Decision (EU) 2021/914.

Where applicable, Module 2 (Controller to Processor) is used.

These clauses are incorporated into Pirsonal’s Data Processing Addendum (DPA) and apply to relevant subprocessors and infrastructure providers involved in data processing.

Ensuring an equivalent level of protection

Pirsonal has assessed the legal and technical risks associated with international data transfers, including potential access by public authorities in third countries.

To mitigate these risks, Pirsonal applies a combination of technical and organizational safeguards:

Technical measures

  • Encryption in transit using secure protocols (TLS)
  • Where possible Encryption at rest for stored data
  • Access controls and authentication mechanisms

Organizational measures

Data minimization and retention

  • Only data required for processing is used
  • Media assets are automatically deleted after rendering
  • Logs for successful videos are automatically deleted (Standard Environments)
  • Custom logs deletion policies (Custom Deployment Environments)
  • Flexible storage and retention configurations

These measures are designed to support an equivalent level of data protection in line with GDPR requirements. For a detailed assessment of transfer risks and safeguards, please refer to our Transfer Impact Assessment (TIA).

How data flows through Pirsonal

Pirsonal processes data through a structured pipeline that includes:

  1. Data input (CSV files, APIs, CRM integrations)
  2. Processing (video rendering using dynamic templates)
  3. Storage (temporary or configured hosting environments)
  4. Delivery (video player, landing pages, CDN)
  5. Analytics (engagement tracking and reporting)

The location of each processing stage depends on the infrastructure selected by your organization (e.g., EU, US, or hybrid configurations), whether managed by Pirsonal or configured by the client in accordance with agreed technical and contractual requirements

The table below provides a general overview of how personal data may flow through the service.

Processing stageProcessing stagePurposePossible locationTransfer relevance
Transfer relevanceNames, email addresses, identifiers, customer-provided text, images, audio, video, structured data from CSV, API, or CRMIngest customer data required to generate personalized video experiencesEU, US, hybrid, or custom environmentMay involve a transfer if data is submitted to infrastructure located outside the EEA
Rendering and processingInput data, template logic, media assets, personalization variables, output generation dataGenerate personalized video content based on customer-defined rules and assetsEU, US, hybrid, or custom environmentMay involve a transfer if rendering takes place outside the EEA
Storage and hostingRendered video files, media assets, associated metadata, delivery filesStore content for delivery, playback, or customer-configured retention needsEU, US, hybrid, or custom environmentMay involve a transfer depending on the selected hosting configuration
DeliveryVideo URLs, player sessions, landing page delivery data, CDN-related request dataDeliver personalized content to end users across channels and devicesEU, US, or globally distributed infrastructure depending on delivery setupMay involve international access or routing depending on delivery architecture
Analytics and reportingEngagement events, play data, interaction metrics, CTA events, operational metadataMeasure performance, support reporting, and enable customer insightsEU, US, hybrid, or custom environmentMay involve a transfer if analytics or related infrastructure is located outside the EEA

Important clarification: The exact data flow depends on the services used, the infrastructure selected by the customer, and any custom configuration agreed between the parties. Organizations with stricter data residency requirements may choose EU-based environments to reduce or avoid international data transfers. For more information about applicable safeguards for international transfers, please refer to our Transfer Impact Assessment (TIA) and related transfer documentation.PLATFORM ARCHITECTURE (NEW SECTION)Add this right before or after the data flow explanation.

How Pirsonal’s platform is structured

Pirsonal’s platform is composed of multiple components that work together to process, generate, and deliver personalized video experiences:

  • Pirsonal Engine: processes data and renders personalized videos
  • Pirsonal Pages: generates personalized landing pages
  • Pirsonal Player: delivers video playback and interactive experiences
  • User Dashboard: provides campaign analytics and manages campaigns, data, and workflows
  • Pirsonal Editor: allows creation and configuration of video templates
  • API: allows creation, deletion, managing of Pirsonal Engine, Pirsonal Pages and Pirsonal Player.

These components rely on associated databases and infrastructure to operate.

Infrastructure location

By default, when a customer selects a deployment region (e.g., EU or US):

All core platform components and their associated databases are deployed and operate within the same selected geographic region.

This includes:

  • Application services
  • Processing systems
  • Databases
  • Internal platform logic

Video hosting flexibility

Rendered video outputs can be hosted separately from the core platform infrastructure.

Depending on the configuration and customer requirements, videos may be hosted:

  • In the same region as the platform (EU or US)
  • In a different region (e.g., EU-based storage for EU audiences)
  • Through globally distributed infrastructure (e.g., CDN)

This allows customers to balance performance, cost, and data residency requirements.

Typical configuration for EU organizations using US infrastructure

Many organizations based in European countries choose to use US-based infrastructure for processing and rendering, while maintaining control over where final content is hosted.

A common setup includes:

  • Platform and databases (Pirsonal Engine, Pirsonal Pages, Pirsonal Player, Dashboard, Pirsonal Editor) → Hosted in the United States
  • Video rendering and processing → Performed in the United States
  • Final video hosting and delivery → Hosted in a customer-selected region (e.g., EU locations such as Ireland or Germany, or global CDN delivery)

Why this configuration is used

This approach allows organizations to:

  • Optimize implementation and operational costs
  • Maintain flexibility in infrastructure and deployment
  • Control where end-user content is stored and delivered
  • Align with internal or contractual data residency requirements

Important note

The exact configuration depends on:

  • Customer requirements
  • Contractual agreements
  • Selected plan and infrastructure setup

Organizations with stricter data residency requirements may choose fully EU-based deployments.

Subprocessors and infrastructure providers

Pirsonal works with carefully selected subprocessors to deliver its services, including cloud infrastructure and content delivery providers.

These may include:

  • Microsoft Azure
  • Amazon Web Services (AWS), where applicable
  • BunnyCDN
  • Hosting providers and Data Centers supporting Pirsonal infrastructure

All subprocessors are subject to contractual, technical, and organizational safeguards aligned with GDPR requirements.

For full details, see our Subprocessors documentation.

Avoiding international data transfers

Organizations that prefer to avoid international data transfers can configure Pirsonal to operate entirely within EU-based infrastructure.

This allows your team to:

  • Keep data processing within the European Economic Area
  • Align with strict regulatory or internal compliance requirements
  • Reduce cross-border data transfer considerations

Custom configurations are available to support compliance-driven deployments. By default, this configuration includes:

  • Microsoft Azure for media distribution
  • Hosting providers and Data Centers supporting Pirsonal infrastructure in the Europe

Supporting documentation

For more detailed information, please refer to:

Need a tailored setup?

If your organization has specific data protection, infrastructure, or compliance requirements, our team can help you design a setup aligned with your policies and regulatory needs. Contact us today.

Visit our Legal Center for additional documentation or security details

Legal Center

Related Legal Documents

Pirsonal GDPR Subprocessor Information

Explore the list of approved subprocessors used by Pirsonal and how data is securely handled across third-party services in full alignment with GDPR requirements.

Read More

Pirsonal’s ISO27001 Certification

Understand how Pirsonal meets internationally recognized information security standards through its ISO 27001 certification, ensuring robust data protection and risk management.

Read More

Pirsonal’s Information Security System Policy

Review the principles and practices behind Pirsonal’s information security framework, designed to safeguard data, ensure operational integrity, and support enterprise compliance needs.

Read More

Legal Notice

Review Pirsonal’s Legal Notice, including the terms governing access to our website and services, user obligations, liability limitations, billing terms, intellectual property, and applicable jurisdiction.

Read More

Service Level Agreement (SLA)

Review Pirsonal’s uptime commitment, support availability, maintenance policies, and service credits to understand how we ensure reliable platform performance.

Read More

Security Overview

Explore Pirsonal’s approach to enterprise security, including data protection, infrastructure, access controls, and compliance with GDPR and industry standards.

Read More

Data Processing Addendum (DPA)

Review Pirsonal’s Data Processing Addendum, outlining how personal data is processed, protected, and handled in compliance with GDPR and applicable data protection laws.

Read More

Transfer Impact Assessment (TIA)

Review Pirsonal’s Transfer Impact Assessment (TIA) for EU to US data transfers, including SCCs, safeguards, risk analysis, and GDPR compliance considerations.

Read More

Privacy Policy

Pirsonal’s Privacy Policy explains how personal data is processed, stored, and protected, including GDPR rights and data protection practices.

Read More

Standard Contractual Clauses (SCCs)

Includes Module 2, annexes, and supplementary safeguards aligned with GDPR and Schrems II.

Read More

Professional Services Agreement

Read Pirsonal’s Professional Services Agreement, including terms for consulting, implementation, fees, confidentiality, and data protection for personalized video services.

Read More

Master Service Agreement (SMA)

Read Pirsonal’s Master Service Agreement (MSA) to understand how our personalized video platform, services, data protection, and legal terms are structured.

Read More