GDPR & Security
Transparency is at the core of NowButtons.
Data Residency
Our primary infrastructure and databases are hosted within the European Union (Amsterdam region via DigitalOcean).
Backups are stored locally in The Netherlands on encrypted secure servers.
Security Measures
We implement industry-standard security measures including:
- Encryption in transit (SSL/TLS)
- Strict access controls for personnel
- Regular automated backups
- DDoS protection via Cloudflare
Data Minimization
We only collect what is strictly necessary to make the widgets work.
- IP addresses are masked or minimized where possible.
- Chat history retention is minimized and strictly linked to your subscription plan.
- No cross-site tracking cookies.
Compliance
We operate under Dutch Law and comply with the GDPR.
We offer a comprehensive Data Processing Agreement (DPA) for all our customers, which includes standard contractual clauses (SCCs) for any necessary international transfers.
Subprocessors
To provide our services, we partner with best-in-class infrastructure providers. We have active Data Processing Agreements in place with all vendors below.
| Service | Vendor | Location | Purpose |
|---|---|---|---|
| Hosting & Database | DigitalOcean | EU (NL) | Primary data storage |
| Transactional Email | Brevo | EU (FR) | Sending notifications |
| Realtime Transport | Ably | EU (IE) | Message delivery (Transient) |
| Email Security | Postmark | USA* | DMARC & Signup emails |
| Logging & Monitoring | Sentry / Grafana | USA* | Error tracking & stability |
| CDN & Security | Cloudflare | Global | Performance & Protection |
Note: This table lists our primary infrastructure. For a complete list of all subprocessors (including internal business tools), please refer to our full DPA.
* For vendors located in the USA, we rely on the EU Standard Contractual Clauses (SCCs).