ServerPilot and the GDPR

At ServerPilot, we're building a better way to host websites. Crucial to this is protecting the data of our customers and their end users.

The European Union's General Data Protection Regulation (GDPR) is a privacy law that came into effect on May 25, 2018. The GDPR sets rules about how companies collect, store, delete, and process the personal data of EU citizens. These rules apply to any company that processes the personal data of EU citizens, even if that company is not located in the EU.

ServerPilot is GDPR-compliant. If you have any questions related to the GDPR, you can send them to


Does the GDPR allow log files with IP addresses?

The primary purpose of logs with IP addresses is for security. The GDPR recognizes that you have a legitimate interest in maintaining security and allows data collection and processing for legitimate interests. Therefore, the reasonable retention of log files such as ServerPilot configures is allowed by the GDPR.

How do you become compliant?

At a high level, here are the steps to becoming compliant with the GDPR:

  1. Identify what user data you collect.
  2. Make sure you have a GDPR-allowed basis for its collection and processing.
  3. Make sure you're keeping the data secure.
  4. Make sure any companies you share user data with are GDPR-compliant.
  5. Make sure your Privacy Policy is GDPR-compliant.
  6. Regularly review your data collection, processing, sharing, access, and retention.

Which companies does ServerPilot use as sub-processors?

You can find a list of our sub-processors here.

Is ServerPilot registered with Privacy Shield?

Privacy Shield is a new framework for protecting user data transferred from the EU to the United States. Privacy Shield is a replacement for Safe Harbor.

Prior to the GDPR going into effect, we updated our Privacy Policy to comply with Privacy Shield's requirements and have applied for certification under both the the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Due to the large volume of applications Privacy Shield has been receiving, the Privacy Shield Team at the U.S. Department of Commerce is asking for patience while they process applications.