At ServerPilot, we're building a better way to host websites. Crucial to this is protecting the data of our customers and their end users.

The European Union's General Data Protection Regulation (GDPR) is a privacy law that came into effect on May 25, 2018. The GDPR sets rules about how companies collect, store, delete, and process the personal data of EU citizens. These rules apply to any company that processes the personal data of EU citizens, even if that company is not located in the EU.

ServerPilot is GDPR-compliant. If you have any questions related to the GDPR, you can send them to


Does the GDPR allow log files with IP addresses?

The primary purpose of logs with IP addresses is for security. The GDPR recognizes that you have a legitimate interest in maintaining security and allows data collection and processing for legitimate interests. Therefore, the reasonable retention of log files such as ServerPilot configures is allowed by the GDPR.

How do you become compliant?

At a high level, here are the steps to becoming compliant with the GDPR:

  1. Identify what user data you collect.
  2. Make sure you have a GDPR-allowed basis for its collection and processing.
  3. Make sure you're keeping the data secure.
  4. Make sure any companies you share user data with are GDPR-compliant.
  5. Make sure your Privacy Policy is GDPR-compliant.
  6. Regularly review your data collection, processing, sharing, access, and retention.

Which companies does ServerPilot use as sub-processors?

You can find a list of our sub-processors here.

Is ServerPilot registered with Privacy Shield?

ServerPilot is certified with both the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks.

Privacy Shield is a new framework for protecting user data transferred from the EU to the United States. Privacy Shield is a replacement for Safe Harbor.