All SupporterBase instances have their own separate database and hosting provision as part of our security commitment. An additional benefit of this approach is that we can select either the United States or Europe as the region to host your application when we provision your SupporterBase and its underlying infrastructure through Heroku (our hosting provider). This is particularly important to allow us to select Europe for hosting your infrastructure if you are subject to GDPR requirements.
The dynos and databases that power your application reside physically in the region specified. There are some services ancillary to your Heroku Postgres database that are always located in the US. The database snapshots that are taken as regular daily backups (each available for a week) are stored in the US. Additionally, application logs, system logs and Heroku Postgres logs are routed to Logplex, which is hosted in the US.
- More information on Heroku regions is visible here: https://devcenter.heroku.com/articles/regions.
- And specifically for Heroku Postgres data residency you can see this information: https://devcenter.heroku.com/articles/heroku-postgresql#data-residency
- For the purpose of SupporterBase, Heroku acts as a subprocessor of data as defined under GDPR. You can review further information on all SupporterBase subprocessors here: https://www.supporterbase.com/data_subprocessors
- You can review further information from Heroku on how they comply with GDPR here: : https://www.heroku.com/compliance