FAQ
Data residency & sovereignty
Where is my data stored?
All persistent customer data is stored in the EU region Frankfurt (Germany), primarily in Supabase Postgres instances. Static assets and temporary cache data remain within the Vercel and Upstash edge networks in EU regions.
Is my data GDPR-compliant even though you use US subprocessors?
Yes. The GDPR permits the use of US-based providers as long as (a) processing happens in the EU, (b) a DPA with Standard Contractual Clauses is in place, and (c) a Transfer Impact Assessment has been conducted. All three conditions are met at Laioutr. Additionally, Vercel is certified under the EU-US Data Privacy Framework.
What happens if US authorities request data (e.g. CLOUD Act)?
Formal requests from US authorities would have to be directed at our subprocessors. They are contractually obliged to inform us of any such request to the extent legally permissible. In our Transfer Impact Assessment we evaluated the residual risk and concluded that the actual risk is low, given the EU region and the nature of the data processed (predominantly content data of limited sensitivity, B2B customer data). We provide the full TIA under NDA on request.
Can I migrate my data to a different region?
Frankfurt is currently our default region for all EU customers. Dedicated hosting options or on-premise setups can be considered for enterprise customers under individual agreements — please get in touch.
Data export & termination
What happens to my data if I terminate the contract?
After contract end we provide, on request, a complete export of your content and configuration data in a structured, machine-readable format. Production data is then deleted within 30 days. Data in backups is automatically deleted in line with our backup retention policy after 7 days.
In which format can I export my data?
Content is exportable as JSON via the Laioutr API. Structural data (sections, pages, configuration) is also provided as JSON. Media files are returned as original assets.
How long does a full data export take?
For standard projects, typically within a few hours. For very large datasets we coordinate the export individually.
Availability & performance
What availability do you guarantee?
We commit to 99.9% monthly availability. If we fall below this target, service credits apply under our Standard SLA.
How can I monitor outages in real time?
Via our public status page at laioutr.statuspage.io. You can also subscribe to email notifications for status changes.
How do you handle outages of individual cloud regions?
Laioutr runs in a multi-region configuration. If a single region fails — including a physical disruption — other regions automatically take over. Details are on the Backups page.
Access & responsibility
Who at Laioutr has access to my data?
Access is strictly limited following the principle of least privilege. Only authorised employees with active MFA have administrative access to the production environment, and only when required for support, maintenance or incident resolution. All administrative access is logged.
Do you train your employees on data protection and security?
Yes — all employees go through a mandatory security and data protection onboarding and are bound by confidentiality agreements.
Certifications & audits
Are you ISO 27001 or SOC 2 certified?
Laioutr itself is currently not ISO 27001 or SOC 2 certified. Our underlying infrastructure (Vercel, Supabase, Upstash) is, however, extensively certified — see Compliance & Certifications. Whether we pursue our own certifications is evaluated based on enterprise customer demand.
Do you conduct regular penetration tests?
We do not currently run regular third-party penetration tests. We are evaluating the introduction of scheduled external testing based on enterprise customer demand and would coordinate scope and timing with the requesting customer.
How often do you audit your subprocessors?
Annually, we review the certification evidence of our primary subprocessors and monitor security-relevant changes in their practices. We inform affected customers about material changes.
Contractual
Do you sign customer-specific DPAs?
We use a standardised DPA that is GDPR-compliant and field-tested. Adjustments for enterprise customers are possible on a case-by-case basis.
Do you sign NDAs before sharing sensitive documents?
Yes — for the provision of detailed security documents (TOMs, TIAs, penetration test reports) we sign a mutual NDA first.
➡️ Didn't find your question? Email security@laioutr.com.