GDPR and Data Protection
Understand how Galaxy handles GDPR compliance and helps you protect user data
If you're serving users in Europe or handling personal data, GDPR matters. Galaxy takes data protection seriously and provides the tools and transparency you need to stay compliant.
Important context: Galaxy's infrastructure is designed to host applications and databases, not to collect or process personal data as a primary function. That said, if your app handles personal data (like user accounts, contact info, or behavior tracking), GDPR applies to you. Galaxy assists with compliance obligations, but the responsibility for handling personal data correctly stays with you.
What to know upfront: GDPR applies to any app processing personal data of EU residents, regardless of where your app is hosted. Galaxy is prepared to help you meet these obligations.
If you're uncertain whether your app handles personal data, it's worth a quick read through the FAQs below.
What is GDPR?
The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It standardizes data protection rules across the European Union and gives EU residents significant rights over their personal data. Think of it as a framework that protects people's privacy while clarifying what companies can and can't do with their information.
GDPR applies to you if you're processing personal data (any information that identifies a person) of EU residents, even if your app or business is based elsewhere. It covers everything from user emails to location data, browsing history, and device identifiers.
How Galaxy Helps You Stay Compliant
Galaxy has been GDPR-ready since before the regulation became enforceable, and we continue to enhance our processes and infrastructure to support your compliance obligations.
You're Protected at the Infrastructure Level
Galaxy processes data in a standardized, automated way across all deployments. All data is processed the same way according to your app's configuration. We maintain infrastructure to meet our obligations as a data processor under GDPR.
Here's what that means for you:
You Control the Processing: As the data controller, you decide what data your app collects and how it's used. Galaxy acts as your data processor, handling the technical infrastructure. All data is processed in the same way according to your configuration.
We Help with Data Subject Requests: When EU users exercise their rights under GDPR (like requesting a copy of their data or asking for deletion), you can turn to Galaxy for assistance. We can help compile the personal data and delete it securely.
Documentation and Assessments: We conduct Data Protection Impact Assessments and can provide documentation about our processing activities. This helps you respond to regulatory inquiries or audits.
Key Questions About GDPR at Galaxy
Next Steps
Not Sure If You're Compliant?
GDPR compliance isn't one-and-done. It's about building data protection into how you design and run your app. Start by mapping what personal data you collect, why you need it, and how long you keep it. Then make sure your privacy policy is clear and accurate.
If you have specific compliance questions or need help with a Data Subject request, reach out to Galaxy support.