GDPR and data protection

COMPLIANCE Reading time : 3 min Updated May 13, 2026
Paak is designed from the ground up to comply with GDPR. No data leaves the European Union.

Hosting and providers

  • Hosting — OVHcloud, France.
  • Authentication — Hanko, Germany.
  • Payments — Mollie, Netherlands.
  • Emails — Brevo, France.

No US providers. Your data stays in the EU.

Data-subject rights

  • Access — all data viewable on the contact profile.
  • Rectification — edit info directly on the profile.
  • Erasure — delete a contact and all associated data.
  • Portability — export data as CSV.
  • Consent toggle on the contact profile.
  • Brevo unsubscribe via the link at the bottom of each newsletter.

Security measures

  • Passwordless authentication (passkeys) via Hanko.
  • HTTPS on all communications.
  • Data isolation per organisation.
  • Role-based access control.

FAQ

Is Paak a processor under GDPR?
Yes. Your club is the data controller.
How long is data retained?
While your account is active. On deletion: erased within 30 days.
Last updated: May 13, 2026 ID : help.compliance.gdpr