How AuraDPP protects your data and complies with EU Regulation 2016/679
The General Data Protection Regulation (GDPR, EU 2016/679) is the world's most comprehensive data protection law. AuraDPP was built from the ground up with GDPR compliance as a core requirement – not an afterthought. As a platform that serves EU merchants and processes data of EU consumers, we take this responsibility seriously.
We use the following sub-processors to deliver our service:
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Google Cloud Platform | Hosting, database, storage | EU (Belgium, Frankfurt) | ISO 27001, SCCs, GDPR DPA |
| Stripe | Payment processing | EU + USA | EU-US DPF, SCCs, PCI DSS |
| Manus Auth | OAuth authentication | EU | GDPR DPA |
When a consumer scans a QR code on a Digital Product Passport, AuraDPP records the following anonymized data: timestamp, device type (mobile/desktop), browser family, and approximate country (derived from IP, then discarded). We do not store IP addresses, do not track individual consumers across scans, and do not build consumer profiles. No cookies are set on the consumer-facing DPP page.
As a merchant using AuraDPP, you can exercise your GDPR rights at any time by contacting [email protected]. We respond within 30 days. You can also delete your account and all associated data directly from your account settings.
If you use AuraDPP as a data processor on behalf of your customers (e.g., you are an agency creating DPPs for clients), you may request a Data Processing Agreement (DPA) from us. Contact [email protected].
AuraDPP GmbH · [email protected]