GDPR Compliance
Meeting Room 365 is committed to protecting the privacy and security of our users. We are working to meet or exceed the requirements of the General Data Protection Regulation.
Make a Data Request
We respect the rights of individuals to know how their data is being used, export it, or request that it be deleted. To make a data subject access request (DSAR), contact us at the address below.
Make a Data RequestData Processing Partners
We rely on a number of trusted third parties to operate our service. Each is carefully evaluated for security and privacy practices.
| Partner | Region | Purpose |
|---|---|---|
| OVHcloud |   |
Primary cloud infrastructure |
| DigitalOcean | |
Managed databases (AMS region) |
| Amazon Web Services | |
Additional cloud infrastructure |
| Cloudflare | |
CDN, DDoS protection, and Web Application Firewall |
| Stripe | |
Payment processing (PCI Level 1 Service Provider) |
| PostHog | |
Product analytics (EU-hosted) |
| Crisp | |
Customer support chat |
| Google Analytics | |
Website analytics |
Compliance Status
GDPR compliance requires ongoing effort. Below is a summary of the measures we have implemented.
Application Security
- TLS/SSL deployed across all endpoints
- Personal data collection restricted to the minimum necessary
- Logs redacted to prevent writing unnecessary personal or sensitive data
- Web Application Firewall enabled and blocking common attacks
- Access to backups restricted to authorized personnel
Privacy Procedures
- Data Protection Lead nominated
- Process established for subject data requests
- Procedure established for correcting inaccuracies in personal data
- Internal employee and contractor behaviors around personal data documented
- Security reporting process published on public website
Frequently Asked Questions
If you have any concerns not answered here, please reach out and we'll be happy to assist.
The General Data Protection Regulation (GDPR) is privacy legislation enacted by the European Union. It governs how personal data (such as IP addresses, email addresses, and names) and sensitive data (such as health information) is handled by organizations.
Our databases are hosted on DigitalOcean in the AMS (Amsterdam) region. Primary application infrastructure is hosted on OVHcloud across US and European datacenters. We do not process or store EU customer data outside the EU for database operations.
We are happy to discuss your specific data processing requirements. Please contact us at [email protected] to request a DPA or discuss your organization's needs.
We take all security reports seriously. Please email [email protected] with details of any potential data breaches, vulnerabilities, or concerns. We commit to acknowledging all reports within 48 hours.
You can request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond to all data subject requests within 30 days.
Privacy & Security Contact
James Futhey
440 N Barranca Ave #3659, Covina, CA 91723