ProductLog
Compliance · EU data protection

ProductLog is GDPR compliant

Last updated: May 27, 2026

GDPR-compliant by design · DPA available online · EU-based product company

Lawful processing

Your data is processed under Article 6 lawful bases and retained only as long as needed to deliver the service.

Data Processing Agreement

Our standard DPA is published online — review it any time, no request required.

EU-resident infrastructure

Customer accounts, changelog content, feedback posts, and billing records are stored in EU data centers (France and Germany).

Your rights, honored

Access, correction, export, erasure — exercise any of your GDPR rights with a single email to support.

What is GDPR?

The General Data Protection Regulation (GDPR) is the world’s toughest privacy and security law. Though drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere that target or collect data related to people in the EU. The regulation took effect on May 25, 2018. The GDPR can impose heavy fines on violators, with penalties reaching tens of millions of euros or 4% of annual turnover.

Is ProductLog GDPR compliant?

Yes. We take the protection of our customers’ data very seriously, along with the data of every end-user who interacts with your public changelog, feedback board, roadmap, or survey. The product is built for GDPR compliance from the ground up: feedback posts, survey responses, voter records, and account data sit on EU-resident infrastructure with documented lawful bases and per-workspace deletion controls.

Who is the data controller?

For the account, billing, changelog, feedback, roadmap, and survey data you create inside ProductLog, ProductLog is the data processor and you (the workspace owner) are the data controller, governed by our Data Processing Agreement. For the limited personal data we collect directly from you to operate ProductLog (your account details, billing records, and support correspondence), ProductLog is the data controller.

The full legal identity, registered company name, and registered address of the controller are published in our Imprint. For any privacy or data-protection matter — including data-subject requests — you can reach us at [email protected] or through our contact form (select “Privacy or data request”).

What does it mean to me that ProductLog is GDPR compliant?

It means we store and handle your data — and the customer data you collect through public ProductLog surfaces — in accordance with the General Data Protection Regulation (GDPR), even if you’re based outside the EU. Read more about GDPR on the European Commission website.

Also, please read our Privacy Policy, Terms of Service, and Cookie Policy for more information.

Your data-subject rights

If we hold personal data about you, the GDPR gives you the right to request access to it, to have it corrected or completed, to have it erased, to restrict or object to its processing, and to receive it in a portable, machine-readable format. You also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, email [email protected] or use our contact form — we respond within the statutory time limits. Workspace owners can also export and delete most data directly from their workspace settings.

Sub-processors

To deliver the service we rely on a small number of carefully selected sub-processors, each bound by a data-processing agreement. Customer accounts, changelog content, feedback posts, survey responses, and billing records are stored on EU-resident infrastructure (data centers in France and Germany). A limited set of operational sub-processors may process certain data outside the EU; where that happens, transfers are covered by appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework (DPF):

  • Transactional email — Amazon Web Services (Amazon SES) sends account, notification, and confirmation emails. Some processing occurs in the United States under SCCs / the EU–U.S. Data Privacy Framework.
  • Payments — Stripe processes subscription billing and payment data. Some processing occurs in the United States under SCCs / the EU–U.S. Data Privacy Framework. ProductLog does not store full card numbers.
  • Hosting & data storage — EU-resident cloud infrastructure (France and Germany) hosts your account, content, and backups.

The authoritative, up-to-date list of sub-processors — including the categories of data each processes — is maintained in our Data Processing Agreement.

Signing a Data Processing Agreement (DPA)

Our Privacy Policy governs how we process your data and contains everything you need to know about how we handle your account, changelog, and feedback information.

If you’re in the EU and your local laws require a Data Processing Agreement (DPA), our standard DPA is published online — review it any time, no request required. If you also need a copy signed for your records, contact us and we will send one.
