GDPR Compliant by Design
Proflow is built with data protection at its core. Every deployment model — cloud or on-premise — is covered by Data Processing Agreements at every level.
Data Processing Chain
Every entity in the data processing chain operates under a signed Data Processing Agreement. No gaps, no exceptions.
Your Company
You control owner and property data. You decide what is processed and why.
Proflow
We process data on your behalf under a signed DPA. We follow your instructions and protect your data.
Infrastructure Providers
Cloud hosting and AI providers operate under DPAs with Proflow. European data centers, no unauthorized transfers.
DPA coverage at every level — signed agreements between each entity ensure your data is protected throughout the entire processing chain.
How We Protect Your Data
Data Processing Agreements
Every data relationship is covered by a signed Data Processing Agreement (DPA). This applies to Proflow as your processor, to our cloud infrastructure providers, and to any AI providers used for email analysis.
On-Premise or Cloud — Both Protected
Choose on-premise deployment for maximum control, or cloud hosting with European data centers. Both options are fully GDPR compliant with DPAs in place at every level of the stack.
Encryption Everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Email content, owner information, and AI processing data are protected at every stage.
Transparent AI Processing
AI providers used for email classification and reply generation operate under strict DPAs. Your data is never used for model training. You can switch AI providers at any time or use local models for complete data isolation.
Role-Based Access Control
Fine-grained permissions ensure only authorized personnel access sensitive data. Full audit trail logs every action — who accessed what, when, and why.
Data Subject Rights
Proflow supports all GDPR data subject rights out of the box — access, rectification, erasure, portability, and restriction of processing. Export or delete owner data at any time.
Compliance Checklist
Proflow meets all requirements for GDPR-compliant property management software.
Frequently Asked Questions
Where is my data stored?
With cloud deployment, your data is stored in European data centers (Hetzner, Germany). With on-premise deployment, data never leaves your own servers. You choose the model that fits your compliance requirements.
Does AI processing send data outside the EU?
By default, no. Proflow supports EU-hosted AI providers and local models (Ollama). If you choose a non-EU AI provider, this is covered by appropriate DPAs and Standard Contractual Clauses. You can switch providers at any time.
Can I get a copy of the DPA?
Yes. We provide our standard Data Processing Agreement to all customers before deployment. Contact us to request a copy or to discuss custom terms.
How do you handle data retention?
You define your own data retention policies within Proflow. When data is deleted, it is permanently removed from all systems including backups, in accordance with your retention schedule.
What happens if there is a data breach?
Proflow has a documented incident response procedure. We notify affected customers within 72 hours as required by GDPR, with full details of the breach scope, affected data, and remediation steps.
Is Proflow compliant with Slovak data protection law?
Yes. Proflow complies with both GDPR and the Slovak Act on Personal Data Protection (18/2018 Z.z.). Our DPAs reflect both EU and local Slovak requirements.
Ready to See Proflow in Action?
Book a demo and we'll walk you through our GDPR-compliant platform, deployment options, and Data Processing Agreements.