Is Cryptomator GDPR-compliant?

If you intend to store personal data (e.g. employee, customer or patient data), you must protect this data from access by third parties using suitable security measures. For example, GDPR articles 6, 32 and 34 explicitly refer to the possibility of encryption to protect data.

Using Cryptomator is therefore one such technical security measure, suitable for storing encrypted data in your cloud. Please note that you usually have to sign an additional DPA with your cloud storage provider.

Do I need a Data Processing Agreement (DPA)?

Cryptomator runs as an application only on your PC or smartphone. While we are the manufacturer of this software, we are not a service provider and do not store, process or otherwise come into contact with your data. Therefore, no DPA is needed to use Cryptomator. You keep full control over the data and are the sole person able to access it!

Do I need a Data Processing Agreement (DPA) with my cloud storage provider?

Even if it is impossible to relate data to a person without the decryption key, a DPA might be necessary. We therefore recommend that you conclude a DPA with your cloud storage provider.